[Trisquel-security] [USN-1799-1] NVIDIA graphics drivers vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Wed Apr 10 15:17:35 CEST 2013


==========================================================================
Ubuntu Security Notice USN-1799-1
April 10, 2013

nvidia-graphics-drivers, nvidia-graphics-drivers-updates,
nvidia-settings, nvidia-settings-updates vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver
- nvidia-settings: Tool for configuring the NVIDIA graphics driver
- nvidia-settings-updates: Tool for configuring the NVIDIA graphics driver

Details:

It was discovered that the NVIDIA graphics drivers incorrectly handled
large ARGB cursors. A local attacker could use this issue to gain root
privileges.

The NVIDIA graphics drivers have been updated to 304.88 to fix this issue.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  nvidia-current                  304.88-0ubuntu0.1
  nvidia-current-updates          304.88-0ubuntu0.1
  nvidia-settings                 304.88-0ubuntu0.2
  nvidia-settings-updates         304.88-0ubuntu0.2

Ubuntu 12.04 LTS:
  nvidia-current                  304.88-0ubuntu0.0.2
  nvidia-current-updates          304.88-0ubuntu0.0.1
  nvidia-settings                 304.88-0ubuntu0.0.2
  nvidia-settings-updates         304.88-0ubuntu0.0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1799-1
  CVE-2013-0131

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.1
  https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.2

https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.0.2

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.0.1
  https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.0.2

https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.0.2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://listas.trisquel.info/pipermail/trisquel-security/attachments/20130410/48a72b50/attachment.pgp>
-------------- next part --------------
-- 
ubuntu-security-announce mailing list
ubuntu-security-announce at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


More information about the Trisquel-security mailing list