Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in NVIDIA
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in NVIDIA
ID: USN-3521-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10
Datum: Di, 9. Januar 2018, 18:37
Referenzen: https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.14.04.1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.04.1
Applikationen: NVIDIA

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6608719487082587139==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="l5KRGvrnKFRSwNeLu4sH1cmIHshB32BDw"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--l5KRGvrnKFRSwNeLu4sH1cmIHshB32BDw
Content-Type: multipart/mixed;
boundary="36Dea05qdsNHL8GhQdfBPAt7mjDdvpIgu";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <efec03ae-e63c-815e-3e7c-dc9c6fe456a4@canonical.com>
Subject: [USN-3521-1] NVIDIA graphics drivers vulnerability

--36Dea05qdsNHL8GhQdfBPAt7mjDdvpIgu
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3521-1
January 09, 2018

nvidia-graphics-drivers-384 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- nvidia-graphics-drivers-384: NVIDIA binary X.Org driver

Details:

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.

This update provides mitigations to address the issue, along with
compatibility fixes for the corresponding Linux kernel updates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
nvidia-384 384.111-0ubuntu0.17.10.1

Ubuntu 17.04:
nvidia-384 384.111-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
nvidia-384 384.111-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
nvidia-384 384.111-0ubuntu0.14.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3521-1
CVE-2017-5753

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.10.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.16.04.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.14.04.1



--36Dea05qdsNHL8GhQdfBPAt7mjDdvpIgu--

--l5KRGvrnKFRSwNeLu4sH1cmIHshB32BDw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJaVOiFAAoJEGVp2FWnRL6TEfoP/1/Z5X8lorsDt7Xy3hWFIo+p
V6CJzLzLY7+QEUj1yJNYKhAhqXMryHN2VFuA726wwK6cLDeywgIA6g9T0Gl27yOZ
PtBdi0L7vS1GRXOKzRhewCl38sbNHvFn7Fc7qa5SAIG5ZMC7yVQu0l0BNdATx84E
FjJVwzyDVZWKo0dRUaWeG8cfBQP91uw8XWHQ9dl7B13Cc/s64iyTezCRL563dJf8
6C0KLP/uYmkdd8jeWDYbfWvKrb8ubhyv27sPpCqw/nAkJriJW8WWVtEVlf2cVe+K
d1sa5Aw0TW4GJMLOZ6N2q4BB4l+T/EAStAkr92023q9NLQkrbqG04/6bN3h7nhWE
jRQReAuO8HoRldW9v0sYW1RirWAjnwcf6qEGTqUcouaipsGFlRn+XAvopROXhosM
pB0KDLcF31hCdCxWhmmg99a4tYmVqxKrt17wuSt7vy+S+vxe75cVbjZIiPTp5Ib9
UNp23/fwvwTHEWh4FTsorU3XZ3CuPnTUwdGdyn4yhY1nJV5QP9V5qwDIucmcG73t
VuhKUgZ4n9y9I5tB8INyBS//F2p5I0ZqYWyUY0yO3QgT9iuD2bKArMeq6csGoqas
zDbsFB045voKQMaspQZpmGdhnuTPJEX9woy7E6uy1bvDvxYe51WykkDH4CrAS50h
fzrGIzYTsTCZrJh50Gt8
=zqaS
-----END PGP SIGNATURE-----

--l5KRGvrnKFRSwNeLu4sH1cmIHshB32BDw--


--===============6608719487082587139==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6608719487082587139==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung