Send ubuntu-security-announce mailing list submissions to
ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-1799-1] NVIDIA graphics drivers vulnerability
(Marc Deslauriers)
----------------------------------------------------------------------
Message: 1
Date: Wed, 10 Apr 2013 09:17:35 -0400
From: Marc Deslauriers <marc.deslauriers@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-1799-1] NVIDIA graphics drivers vulnerability
Message-ID: <5165666F.3090506@canonical.com>
Content-Type: text/plain; charset="iso-8859-1"
==========================================================================
Ubuntu Security Notice USN-1799-1
April 10, 2013
nvidia-graphics-drivers, nvidia-graphics-drivers-updates,
nvidia-settings, nvidia-settings-updates vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
NVIDIA graphics drivers could be made to run programs as an administrator.
Software Description:
- nvidia-graphics-drivers: NVIDIA binary Xorg driver
- nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver
- nvidia-settings: Tool for configuring the NVIDIA graphics driver
- nvidia-settings-updates: Tool for configuring the NVIDIA graphics driver
Details:
It was discovered that the NVIDIA graphics drivers incorrectly handled
large ARGB cursors. A local attacker could use this issue to gain root
privileges.
The NVIDIA graphics drivers have been updated to 304.88 to fix this issue.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
nvidia-current 304.88-0ubuntu0.1
nvidia-current-updates 304.88-0ubuntu0.1
nvidia-settings 304.88-0ubuntu0.2
nvidia-settings-updates 304.88-0ubuntu0.2
Ubuntu 12.04 LTS:
nvidia-current 304.88-0ubuntu0.0.2
nvidia-current-updates 304.88-0ubuntu0.0.1
nvidia-settings 304.88-0ubuntu0.0.2
nvidia-settings-updates 304.88-0ubuntu0.0.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1799-1
CVE-2013-0131
Package Information:
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.1
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.1
https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.2
https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.2
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.0.2
https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.0.1
https://launchpad.net/ubuntu/+source/nvidia-settings/304.88-0ubuntu0.0.2
https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.0.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130410/48a72b50/attachment-0001.pgp>
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 103, Issue 6
********************************************************
News
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2013
(149)
-
▼
April
(13)
- ubuntu-security-announce Digest, Vol 103, Issue 13
- ubuntu-security-announce Digest, Vol 103, Issue 12
- ubuntu-security-announce Digest, Vol 103, Issue 11
- ubuntu-security-announce Digest, Vol 103, Issue 10
- ubuntu-security-announce Digest, Vol 103, Issue 9
- ubuntu-security-announce Digest, Vol 103, Issue 8
- ubuntu-security-announce Digest, Vol 103, Issue 7
- ubuntu-security-announce Digest, Vol 103, Issue 6
- ubuntu-security-announce Digest, Vol 103, Issue 5
- ubuntu-security-announce Digest, Vol 103, Issue 4
- ubuntu-security-announce Digest, Vol 103, Issue 3
- ubuntu-security-announce Digest, Vol 103, Issue 2
- ubuntu-security-announce Digest, Vol 103, Issue 1
-
▼
April
(13)
No comments:
Post a Comment