[USN-1523-1] NVIDIA graphics drivers vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Mon Aug 6 13:40:25 UTC 2012 

==========================================================================
Ubuntu Security Notice USN-1523-1
August 06, 2012

nvidia-graphics-drivers, nvidia-graphics-drivers-173, nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver

Details:

It was discovered that the NVIDIA graphics drivers could be reconfigured to
gain access to arbitrary system memory. A local attacker could use this
issue to gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  nvidia-173                      173.14.35-0ubuntu0.2
  nvidia-173-updates              173.14.35-0ubuntu0.2
  nvidia-current                  295.40-0ubuntu1.1
  nvidia-current-updates          295.49-0ubuntu0.2

Ubuntu 11.10:
  nvidia-173                      173.14.30-0ubuntu8.2
  nvidia-173-updates              173.14.30-0ubuntu5.2
  nvidia-current                  280.13-0ubuntu6.2
  nvidia-current-updates          295.20-0ubuntu0.4

Ubuntu 11.04:
  nvidia-173                      173.14.30-0ubuntu1.2
  nvidia-current                  270.41.06-0ubuntu1.2

Ubuntu 10.04 LTS:
  nvidia-173                      173.14.22-0ubuntu11.2
  nvidia-current                  195.36.24-0ubuntu1~10.04.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1523-1
  https://launchpad.net/bugs/1033452

Package Information:
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/295.40-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.35-0ubuntu0.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173-updates/173.14.35-0ubuntu0.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/295.49-0ubuntu0.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/280.13-0ubuntu6.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu8.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173-updates/173.14.30-0ubuntu5.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/295.20-0ubuntu0.4
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/270.41.06-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.30-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/195.36.24-0ubuntu1~10.04.3
  https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-173/173.14.22-0ubuntu11.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120806/4c3b0caa/attachment.sig>

More information about the ubuntu-security-announce mailing list