It looks like only the -173 drivers still have open tasks, however the
-173 in precise (173.14.35-0ubuntu0.2) does include this security fix.
It looks like the bug # and CVE was not included in the changelog, so
presumably that's why the tasks didn't close. I'm going to go ahead and
assume this is all resolved and close out the remaining tasks.
** Changed in: nvidia-graphics-drivers-173 (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: nvidia-graphics-drivers-173 (Ubuntu Precise)
Status: Confirmed => Fix Released
** Changed in: nvidia-graphics-drivers-173-updates (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: nvidia-graphics-drivers-173-updates (Ubuntu Precise)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nvidia-graphics-drivers in Ubuntu.
https://bugs.launchpad.net/bugs/959842
Title:
root escalation via /dev/nvidia0
Status in “nvidia-graphics-drivers” package in Ubuntu:
Fix Released
Status in “nvidia-graphics-drivers-173” package in Ubuntu:
Fix Released
Status in “nvidia-graphics-drivers-173-updates” package in Ubuntu:
Fix Released
Status in “nvidia-graphics-drivers-updates” package in Ubuntu:
Fix Released
Status in “nvidia-graphics-drivers” source package in Lucid:
Fix Released
Status in “nvidia-graphics-drivers-173” source package in Lucid:
Fix Released
Status in “nvidia-graphics-drivers-173-updates” source package in Lucid:
Fix Released
Status in “nvidia-graphics-drivers-updates” source package in Lucid:
Fix Released
Status in “nvidia-graphics-drivers” source package in Natty:
Fix Released
Status in “nvidia-graphics-drivers-173” source package in Natty:
Fix Released
Status in “nvidia-graphics-drivers-173-updates” source package in Natty:
Fix Released
Status in “nvidia-graphics-drivers-updates” source package in Natty:
Fix Released
Status in “nvidia-graphics-drivers” source package in Oneiric:
Fix Released
Status in “nvidia-graphics-drivers-173” source package in Oneiric:
Fix Released
Status in “nvidia-graphics-drivers-173-updates” source package in Oneiric:
Fix Released
Status in “nvidia-graphics-drivers-updates” source package in Oneiric:
Fix Released
Status in “nvidia-graphics-drivers” source package in Precise:
Fix Released
Status in “nvidia-graphics-drivers-173” source package in Precise:
Fix Released
Status in “nvidia-graphics-drivers-173-updates” source package in Precise:
Fix Released
Status in “nvidia-graphics-drivers-updates” source package in Precise:
Fix Released
Bug description:
It was raised to me just now that there is a security issue with
/dev/nvidia0 where an unprivileged account can access kernel memory
and gain root access. An example exploit is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/959842/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
