You are here
Home > Preporuke > Sigurnosni nedostaci NVIDIA grafičkih upravljačkih programa

Sigurnosni nedostaci NVIDIA grafičkih upravljačkih programa

==========================================================================
Ubuntu Security Notice USN-2438-1
December 10, 2014

nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates,
nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the NVIDIA graphics drivers.

Software Description:
– nvidia-graphics-drivers-304: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-304-updates: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-331: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-331-updates: NVIDIA binary Xorg driver

Details:

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX
indirect rendering support. An attacker able to connect to an X server,
either locally or remotely, could use these issues to cause the X server to
crash or execute arbitrary code resulting in possible privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
nvidia-304 304.125-0ubuntu0.1
nvidia-304-updates 304.125-0ubuntu0.1
nvidia-331 331.113-0ubuntu0.1
nvidia-331-updates 331.113-0ubuntu0.1

Ubuntu 14.04 LTS:
nvidia-304 304.125-0ubuntu0.0.1
nvidia-304-updates 304.125-0ubuntu0.0.1
nvidia-331 331.113-0ubuntu0.0.4
nvidia-331-updates 331.113-0ubuntu0.0.4

Ubuntu 12.04 LTS:
nvidia-304 304.125-0ubuntu0.0.0.1
nvidia-304-updates 304.125-0ubuntu0.0.0.1
nvidia-331 331.113-0ubuntu0.0.0.3
nvidia-331-updates 331.113-0ubuntu0.0.0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2438-1
CVE-2014-8091, CVE-2014-8098, CVE-2014-8298

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.0.4

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.0.4

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.0.0.3

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.0.0.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUiJ83AAoJEGVp2FWnRL6TpGQQAL5EraWW9H8IZbJw4CMGnbAA
U3XntYO28NdWRZQxLHx6ywVIAL5lCehpZ755ER3YB5dopo05aJtQbEUPAR3rDhL7
vG+D7Ok4PRSP/Y9OYKUC13K5f83Wl95+6CbcHvipFUij85P/HKfPqknIbN2FLf4Z
LEmNOOwxEu2+YklzG4cS/8cbI/Q+oPwHEl+Xw5BgYBz0gzK1X2ghvIjOgukHlzKX
fUInpIQCYkwMrYwkz0aAfFZQ1u3nRV68YzfZqMnPyN1ioHNZXpHFfLEGcvJkmcW4
05uGDj0S23JiDjk1kkZe1Q/26Y5ZPCsOo4UMtKM4SZ/KIrH9iDM/KMhGr3OHyFlb
Qz3AcDXDtieffqQ0v7c6hjgvMg2Yx2jSos2t549yz5Pa4QFQ2W/t/Rlb4wd4TxzK
sTj+7/WNCmRYHUWEV2xvLP9lp7iS8MYlJd7PcF7UfERrSGYyvgKAkaYQfjVKdKtP
2HgnLVeUIJNaVz/mbtao+VY46n3gkXmEbl/huPORMcTxbfHL6dzmpl7p5iiP4+AE
5fPu5HcRZGTCxVZicH8KiaLaHf3eizPM/xYC0/qFrO9TXe9FE5dvejXRYKlh9nEA
z5oirrC3yfnWzk30Ih8yrKZuZvBrIEu6DePsX/zA1aLt6Q2JkfvnuVWwi+IOj6wX
H2WKIYZG5aVqS0ww5EdI
=ZjLL
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivost programskog paketa file

Otkrivene su tri ranjivosti kod programskog paketa file za FreeBSD. Ranjivosti mogu biti iskorištene za uskraćivanje usluge, narušavanje integriteta podataka...

Close