Ausführen beliebiger Kommandos in nvidia-graphics-drivers
ID: | USN-1420-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10 |
Datum: | Mi, 11. April 2012, 17:14 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0946 |
Applikationen: | nVidia XFree86/X.org Drivers |
Originalnachricht |
|
--===============7619073410535382080== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-0HebLqWEyRdOXMjDi+ST" --=-0HebLqWEyRdOXMjDi+ST Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1420-1 April 11, 2012 nvidia-graphics-drivers, nvidia-graphics-drivers-173, nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS Summary: NVIDIA graphics drivers could be made to run programs as an administrator. Software Description: - nvidia-graphics-drivers: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver Details: It was discovered that the NVIDIA graphics drivers could be reconfigured to gain access to arbitrary system memory. A local attacker could use this issue to possibly gain root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: nvidia-173 173.14.30-0ubuntu8.1 nvidia-173-updates 173.14.30-0ubuntu5.1 nvidia-current 280.13-0ubuntu6.1 nvidia-current-updates 280.13-0ubuntu5.1 Ubuntu 11.04: nvidia-173 173.14.30-0ubuntu1.1 nvidia-current 270.41.06-0ubuntu1.1 Ubuntu 10.04 LTS: nvidia-173 173.14.22-0ubuntu11.1 nvidia-current 195.36.24-0ubuntu1~10.04.2 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1420-1 CVE-2012-0946 Package Information: https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/280.13-0ubuntu6.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu8.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173-updates/173.14.30-0ubuntu5.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/280.13-0ubuntu5.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/270.41.06-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/195.36.24-0ubuntu1~10.04.2 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.22-0ubuntu11.1 --ÐHebLqWEyRdOXMjDi+ST Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCgAGBQJPhZxCAAoJEGVp2FWnRL6TLIAQAIthVVivhxqwv7j1e+7vS51j kxFURUUgpD/WujXQImpHmnU0sqeg3kUi2eKZJpeuyOixblrCXD1CRe9oBmjV9oAL PqLWcr2qw/qRs63zoIk7ER8xulye7vHURejP+ZHMS0inNs0mEo7aohSo0Rycgibr ssicw7duuItxmBjvA2qWT6p2L69IvQH5ZKFAD4yvNzOa6P7/yiepyNacUII/FImc DdbfG9UoDXRH8aVvX/5am7txCABWDyjKlFUUcmRFIssw5KhAxQ16SpOeITwVGUGQ tc0gJ9LZze6AmiVYsgUjGsLRPNyPZB+zkmEB/V/ibIJjszGfElN83zkdd8VChRRO 2Md3XGg8UEsZE3tictfGanem/e+cElkFhvwdVPgdz+J3uJyyBIJg66xJ/eLTZ7OB FUJVhI3W7jPHmaH383SrWLxqA2Wgw8hKObkpUiwu41bjK5xW9g+pmphxgm36BCrC IT2M91z3nkyMGWL8BGRhAksfWg0k4BgpnQCNnBRFbw/yyyFjXEJ92b08SgpmcYOv NfLImbmsvMF7GGFMB7hjPEvWav3iGgQceMyHQ6iSccYawRb4yK+Bzr6QnPD8mQum GeJxBj8UgbvgRISWc/TD+EWZ8Sd03fMHGWmy+KoS7FtjWhpb7+cB6I9FFacJSglc +lLPsTo+YfrM+kw8+HFP =PxN5 -----END PGP SIGNATURE----- --=-0HebLqWEyRdOXMjDi+ST-- --===============7619073410535382080== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============7619073410535382080==-- |