==========================================================================
Ubuntu Security Notice USN-2438-1
December 10, 2014

nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates,
nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the NVIDIA graphics drivers.

Software Description:
– nvidia-graphics-drivers-304: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-304-updates: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-331: NVIDIA binary Xorg driver
– nvidia-graphics-drivers-331-updates: NVIDIA binary Xorg driver

Details:

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX
indirect rendering support. An attacker able to connect to an X server,
either locally or remotely, could use these issues to cause the X server to
crash or execute arbitrary code resulting in possible privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
nvidia-304 304.125-0ubuntu0.1
nvidia-304-updates 304.125-0ubuntu0.1
nvidia-331 331.113-0ubuntu0.1
nvidia-331-updates 331.113-0ubuntu0.1

Ubuntu 14.04 LTS:
nvidia-304 304.125-0ubuntu0.0.1
nvidia-304-updates 304.125-0ubuntu0.0.1
nvidia-331 331.113-0ubuntu0.0.4
nvidia-331-updates 331.113-0ubuntu0.0.4

Ubuntu 12.04 LTS:
nvidia-304 304.125-0ubuntu0.0.0.1
nvidia-304-updates 304.125-0ubuntu0.0.0.1
nvidia-331 331.113-0ubuntu0.0.0.3
nvidia-331-updates 331.113-0ubuntu0.0.0.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2438-1
CVE-2014-8091, CVE-2014-8098, CVE-2014-8298

Package Information:

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.0.4

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.0.4

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/304.125-0ubuntu0.0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304-updates/304.125-0ubuntu0.0.0.1

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331/331.113-0ubuntu0.0.0.3

https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-331-updates/331.113-0ubuntu0.0.0.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUiJ83AAoJEGVp2FWnRL6TpGQQAL5EraWW9H8IZbJw4CMGnbAA
U3XntYO28NdWRZQxLHx6ywVIAL5lCehpZ755ER3YB5dopo05aJtQbEUPAR3rDhL7
vG+D7Ok4PRSP/Y9OYKUC13K5f83Wl95+6CbcHvipFUij85P/HKfPqknIbN2FLf4Z
LEmNOOwxEu2+YklzG4cS/8cbI/Q+oPwHEl+Xw5BgYBz0gzK1X2ghvIjOgukHlzKX
fUInpIQCYkwMrYwkz0aAfFZQ1u3nRV68YzfZqMnPyN1ioHNZXpHFfLEGcvJkmcW4
05uGDj0S23JiDjk1kkZe1Q/26Y5ZPCsOo4UMtKM4SZ/KIrH9iDM/KMhGr3OHyFlb
Qz3AcDXDtieffqQ0v7c6hjgvMg2Yx2jSos2t549yz5Pa4QFQ2W/t/Rlb4wd4TxzK
sTj+7/WNCmRYHUWEV2xvLP9lp7iS8MYlJd7PcF7UfERrSGYyvgKAkaYQfjVKdKtP
2HgnLVeUIJNaVz/mbtao+VY46n3gkXmEbl/huPORMcTxbfHL6dzmpl7p5iiP4+AE
5fPu5HcRZGTCxVZicH8KiaLaHf3eizPM/xYC0/qFrO9TXe9FE5dvejXRYKlh9nEA
z5oirrC3yfnWzk30Ih8yrKZuZvBrIEu6DePsX/zA1aLt6Q2JkfvnuVWwi+IOj6wX
H2WKIYZG5aVqS0ww5EdI
=ZjLL
—–END PGP SIGNATURE—–
—