You are here
Home > Preporuke > Ranjivosti NVIDIA pogonskih programa

Ranjivosti NVIDIA pogonskih programa

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201402-02
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
http://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: High
Title: NVIDIA Drivers: Privilege Escalation
Date: February 02, 2014
Bugs: #493448
ID: 201402-02

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A NVIDIA drivers bug allows unprivileged user-mode software to access
the GPU inappropriately, allowing for privilege escalation.

Background
==========

The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
boards.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 x11-drivers/nvidia-drivers
< 331.20 *>= 304.116
*>= 319.76
>= 331.20

Description
===========

The vulnerability is caused due to the driver allowing unprivileged
user-mode software to access the GPU.

Impact
======

A local attacker could gain escalated privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NVIDIA Drivers users using the 331 branch should upgrade to the
latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=x11-drivers/nvidia-drivers-331.20”

All NVIDIA Drivers users using the 319 branch should upgrade to the
latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=x11-drivers/nvidia-drivers-319.76”

All NVIDIA Drivers users using the 304 branch should upgrade to the
latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=x11-drivers/nvidia-drivers-304.116”

References
==========

[ 1 ] CVE-2013-5986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5986
[ 2 ] CVE-2013-5987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5987

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201402-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQEcBAEBAgAGBQJS7ow+AAoJECo/aRed9267jrMH/14sR/MkVI6c3lGcj1/UxXwm
kJh4Wan7LMLwh45xGti7cdmzZmxliBKiq6GKdrR3ysO41uEmWBY3uXiR5v1vEm3T
vYmlwTWzjejpD4m6WGwPFgu7trQU6WDab0Ullsd7RJq8vP5Ebkr655/xt+1gPoqK
nTGJJm6QIYrtHGmeEDLUj48dZsUCAIRqGsAOB4R7gU90hV9Gkjoih/Wha/orVAIX
ikTqFMXC+nhk/38ytgB9TYtYVpaMhMlGvzACxjX1dtMM2dvQfGAtVqR8499aSGtA
++nhBV4S7CEyWzGs9CzuZVG0YJMEqy4FlcOqArY3unuzZXZd83T059zGykTWCP4=
=txSt
—–END PGP SIGNATURE—–

Top
More in Preporuke
Ranjivost programskog paketa pixman

Otkrivena je ranjivost cjelobrojnog podljeva kod programskog paketa pixman uzrokovana neodgovarajućim upravljanjem trapezoidima. Uspješno iskorištavanje ranjivosti može rezultirati rušenjem aplikacije...

Close