Your message dated Thu, 01 Oct 2015 03:38:43 +0000
with message-id <[email protected]>
and subject line Bug#800566: fixed in nvidia-graphics-drivers 352.41-1
has caused the Debian Bug report #800566,
regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an
unsanitized pointer in the NVIDIA display driver
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800566
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Version: 304.22-1
Severity: serious
Tags: security
https://nvidia.custhelp.com/app/answers/detail/a_id/3763
A vulnerability has been found in the NVIDIA driver that could be used
to allow a local, non-privileged user to corrupt kernel memory. This
could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit
integer value stored in the kernel driver to a user-specified memory
location, potentially in the kernel address space. The user has a
limited ability to influence the value of the integer that is written.
Exploit Scope and Risk:
This issue is present on Windows and Linux operating systems and affects
all currently supported NVIDIA driver releases and all GPUs. This issue
does not affect Android-based NVIDIA Tegra products.
Branch 1st version including the fix
R304 304.128
R340 340.93
R352 352.41
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers
Source-Version: 352.41-1
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated nvidia-graphics-drivers
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 01 Oct 2015 03:56:38 +0200
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin xserver-xorg-video-nvidia
libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia
libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-dkms
nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1
libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1
libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd
nvidia-libopencl1 nvidia-detect
Architecture: source
Version: 352.41-1
Distribution: experimental
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
libcuda1 - NVIDIA CUDA Driver Library
libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit
libraries${nvidia:LegacyDesc}
libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc}
libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc}
libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library
libnvidia-compiler - NVIDIA runtime compiler library
libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
libnvidia-encode1 - NVENC Video Encoding runtime library
libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library
libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library
libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library
nvidia-alternative - allows the selection of NVIDIA as GLX provider
nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
nvidia-detect - NVIDIA GPU detection utility
nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
nvidia-kernel-dkms - NVIDIA binary kernel module DKMS
source${nvidia:LegacyDesc}
nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
nvidia-opencl-common - NVIDIA OpenCL driver
nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)
nvidia-smi - NVIDIA System Management Interface
nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA
driver
xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 794435 800566
Changes:
nvidia-graphics-drivers (352.41-1) experimental; urgency=medium
.
[ Andreas Beckmann ]
* New upstream long lived branch release 352.41 (2015-08-28).
* Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer.
(Closes: #800566)
- Added support for the following GPUs: GeForce GTX 950, Quadro M4000,
Quadro M5000.
- Fixed a bug that caused VDPAU to only display the top half of a video
frame when decoding and displaying H.265/HEVC encoded video streams.
* New upstream release 340 series.
- Fixed a bug that caused the X server to crash if an OpenGL application
tried to allocate a drawable when GPU-accessible memory is exhausted.
* conftest.h:
- Implement new conftest.sh function dma_map_ops (352.30).
- Reorder conftest.h to match conftest.sh.
.
[ Luca Boccassi ]
* conftest.h:
- dma_map_ops and dma_ops are available for PPC and ARM too
* refresh uvm-symvers.patch (offset)
* Add include-swiotlb-header-on-arm.patch needed for dkms build on
armhf: swiotlb.h is necessary to use dma_ops and family
* Add ignore_xen_on_arm.patch needed for dkms build on armhf: armmp
kernel headers ship with CONFIG_XEN enabled, which breaks the build,
so since running this driver on XEN is currently not supported,
ignore the check for XEN in nv-linux.h as a workaround on arm, and
also disable CONFIG_XEN and CONFIG_XEN_DOM0 if building on <= 3.16.
(Closes: #794435)
* Update rules.def, armhf DKMS module builds on 3.16, 4.0 and 4.1.
* Update nv-readme.ids.
Checksums-Sha1:
06b12de7d3e25b9c5386563b61dcfd62a60b7cbe 4431
nvidia-graphics-drivers_352.41-1.dsc
a67183f641b0389b846f50068b349b8ba7e65811 142324561
nvidia-graphics-drivers_352.41.orig.tar.gz
a320d448a579022ed7954b24dbe098d5e5220993 132764
nvidia-graphics-drivers_352.41-1.debian.tar.xz
Checksums-Sha256:
2271f042680a796031554e788a4493d401439a768e2fa499d3a2d1053a877a4b 4431
nvidia-graphics-drivers_352.41-1.dsc
60633243884d8571874a401ea8290a09c18613bf5342207cdb54af866e62c555 142324561
nvidia-graphics-drivers_352.41.orig.tar.gz
af3c5472b01218a5894591a45407749ca585a39ea0f6e660715f8805150346fa 132764
nvidia-graphics-drivers_352.41-1.debian.tar.xz
Files:
3a22d01cf4674a4965dca2ce211dc1b9 4431 non-free/libs optional
nvidia-graphics-drivers_352.41-1.dsc
68322168e430019976171f701b712601 142324561 non-free/libs optional
nvidia-graphics-drivers_352.41.orig.tar.gz
1d385887dede28724eefa2fd91c03150 132764 non-free/libs optional
nvidia-graphics-drivers_352.41-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWDJRHAAoJEF+zP5NZ6e0I7boQAKCn/h9RaW0UdyDPzT9QAJiO
LuWs3r4hd27/pQ5QkYnZMh2ZE0TOcIoVhw/k2e3QhRpmhNCgXqhvMMGapW/O69sk
jjeZ5BECCUwFT5++62OPx+O5umUFPUpSA4pPHhZhSw9WsjP1sGI5hdBDxwb/Ygh1
5dqfrONYNhlovwNmM3/aVMjjGa9rjTsYUmYeyzPuwz2oRMoiJ1yDLkoY7tT2xO3j
t2WvW/RFZtlDSbEpo7UfyFi/jkg+/VBi2wWqmXVA5+zEQHdt4HkLjG46bcfg5h2L
ROapRaW6uAjPrm7RAF+9Irq7DNcwacqeG/AOnSyQaTtOESfv3pshCymXrVXHrLTN
Yg3TTy2Ygt7x9tf9GNzih2ZS151go+sDPm5MZPF0RyY/qLU2hEyPdP/wkMclyiLZ
DF1mtJ6qjJZu/2UyRpqOMrIIhryLWCINQZqUZUAUPP17AJ4fFgkTRYKtRml0RP8n
g6mit/H3brUv+4nTs8qukyyd9LaZhnQGlj4Ib85myGJsysb4/BKOOFEtG4n+T2BG
E9BvAOSO1wp+t/RXxSi3qsQX1Rs4e0dEpmygzdk2OOjMZRBmqtOH1/0dEypvMIVK
dq203LXXpFquqb5bMvu6M3P9w87NYNLnoKC1nLXQ37Ai1wuFEHO2hgdN2vcTswMP
CrPnRWv0NpRmpbcD/Fdr
=NlCI
-----END PGP SIGNATURE-----
--- End Message ---
