Your message dated Fri, 30 Oct 2015 16:17:06 +0000 with message-id <e1zscmu-00073x...@franck.debian.org> and subject line Bug#800566: fixed in nvidia-graphics-drivers 340.93-0+deb8u1 has caused the Debian Bug report #800566, regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an unsanitized pointer in the NVIDIA display driver to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 800566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nvidia-graphics-drivers Version: 304.22-1 Severity: serious Tags: security https://nvidia.custhelp.com/app/answers/detail/a_id/3763 A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges. A local user can issue a specially crafted IOCTL to write a 32-bit integer value stored in the kernel driver to a user-specified memory location, potentially in the kernel address space. The user has a limited ability to influence the value of the integer that is written. Exploit Scope and Risk: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Branch 1st version including the fix R304 304.128 R340 340.93 R352 352.41 Andreas
--- End Message ---
--- Begin Message ---Source: nvidia-graphics-drivers Source-Version: 340.93-0+deb8u1 We believe that the bug you reported is fixed in the latest version of nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 800...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 15 Oct 2015 13:18:03 +0200 Source: nvidia-graphics-drivers Binary: nvidia-driver nvidia-driver-bin nvidia-glx xserver-xorg-video-nvidia libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-dkms nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1 libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1 libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd nvidia-libopencl1 nvidia-detect Architecture: source Version: 340.93-0+deb8u1 Distribution: jessie Urgency: medium Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: libcuda1 - NVIDIA CUDA Driver Library libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc} libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc} libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc} libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit libraries${nvidia:LegacyDesc} libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc} libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc} libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library libnvidia-compiler - NVIDIA runtime compiler library libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc} libnvidia-encode1 - NVENC Video Encoding runtime library libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library nvidia-alternative - allows the selection of NVIDIA as GLX provider nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS) nvidia-detect - NVIDIA GPU detection utility nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc} nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc} nvidia-glx - transition to ${nvidia}-driver nvidia-kernel-dkms - NVIDIA binary kernel module DKMS source${nvidia:LegacyDesc} nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc} nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library nvidia-opencl-common - NVIDIA OpenCL driver nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD) nvidia-smi - NVIDIA System Management Interface nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA driver xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc} Closes: 778698 781810 792801 793386 794435 800566 Changes: nvidia-graphics-drivers (340.93-0+deb8u1) jessie; urgency=medium . * New upstream legacy 340xx branch release 340.93 (2015-09-02). * Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer. (Closes: #800566) - Fixed a bug that caused the X server to crash if an OpenGL application tried to allocate a drawable when GPU-accessible memory is exhausted. - Fixed a bug that could cause an Xid error when terminating a video playback application using the overlay presentation queue in VDPAU. - Fixed a rare deadlock condition when running applications that use OpenGL in multiple threads on a Quadro GPU. - Fixed a bug which caused truncation of the EGLAttribEXT value returned by eglQueryDeviceAttribEXT() on 64-bit systems. - Fixed a kernel memory leak that occurred when looping hardware- accelerated video decoding with VDPAU on Maxwell-based GPUs. - Fixed a bug that caused the X server to crash if a RandR 1.4 output provided by a Sink Output provider was selected as the primary output on X.Org xserver 1.17 and higher. - Fixed a bug that caused waiting on X Sync Fence objects in OpenGL to hang indefinitely in some cases. - Fixed a bug that prevented OpenGL from properly recovering from hardware errors or sync object waits that had timed out. * Improved compatibility with recent Linux kernels. * fixes-for-kernel-4.0.0.patch: Remove, fixed upstream. * conftest.h: - Implement new conftest.sh function nvidia_grid_build (352.41). * Update lintian overrides. * nvidia-driver-bin, libnvidia-compiler, libnvidia-eglcore, libgl1-nvidia-glx: Add Provides+Conflicts: $pkg-${nvidia:Version} to forbid co-installation with the respective legacy packages from the same upstream version due to file conflicts on versioned files that are not handled via alternatives. * bug-script: Report file information in arm-linux-gnueabihf directories. * bug-script: Collect information from /etc/modules{,-load.d/}. * bug-script: Report device node permissions. * bug-control, bug-script: Report information about CUDA libraries. * nvidia-detect: Update list of newer PCI IDs from release 346.87. * Merge changes from 304.128-1. . nvidia-graphics-drivers (340.76-4) unstable; urgency=medium . [ Andreas Beckmann ] * README.source: Document my schroot setup for testing module compilation. * Update lintian overrides. . [ Luca Boccassi ] * conftest.h: - dma_map_ops and dma_ops are available for PPC and ARM too * Add ignore_xen_on_arm.patch needed for dkms build on armhf: armmp kernel headers ship with CONFIG_XEN enabled, which breaks the build, so since running this driver on XEN is currently not supported, ignore the check for XEN in nv-linux.h as a workaround on arm, and also disable CONFIG_XEN and CONFIG_XEN_DOM0 if building on <= 3.16. (Closes: #794435) * README.source: Document armhf setup for testing module compilation. . nvidia-graphics-drivers (340.76-3) unstable; urgency=medium . [ Vincent Cheng ] * nvidia-detect: Detect stretch as supported suite, and parse -h as --help. (Closes: #792801) . [ Luca Boccassi ] * Fix nvidia-modprobe.conf module unload ordering, to stop nvidia-uvm getting stuck until a second modprobe -r nvidia-current is issued. Fix provided by Jö Fahlke. Thanks! (Closes: #793386) . [ Andreas Beckmann ] * Add Luca Boccassi to Uploaders. * nvidia-driver, nvidia-kernel-*: Report the latest tested Linux version that can build the kernel module in the package description. * conftest.h: - Fix conftest.sh function write_cr4. - Implement new conftest.sh functions backing_dev_info (346.82), phys_to_dma, dma_ops, get_dma_ops, noncoherent_swiotlb_dma_ops (352.09). - Implement new conftest.sh function dma_map_ops (352.30). - Reorder conftest.h to match conftest.sh. . nvidia-graphics-drivers (340.76-2) unstable; urgency=medium . * fixes-for-kernel-4.0.0.patch: New patch to add support for Linux 4.0, thanks to Jessie Frazelle. (Closes: #781810) * conftest.h: - Implement check for linux/log2.h (346.16). - Implement check for xen/ioemu.h (346.59). - Implement new conftest.sh functions write_cr4, xen_ioemu_inject_msi (346.59), list_cut_position (349.12). * Split some old UNRELEASED changelog entries to linearize the BTS history. . nvidia-graphics-drivers (340.76-1) unstable; urgency=medium . * New upstream legacy 340xx branch release 340.76 (2015-01-27). - Fixed a bug that caused frequent AMD-Vi page faults on systems with some AMD 8xx/9xx-series chipsets when used with some NVIDIA GPUs. - Fixed a regression that could cause system crashes when terminating the X server on systems with an NVIDIA Quadro SDI Capture card installed. - Fixed a bug that caused audio over HDMI to not work on some GPUs while using a display that supports HDMI 3D. * Improved compatibility with recent Linux kernels. (Closes: #778698) * nvidia-kernel-source: Use reproducible timestamps and file order inside /usr/src/nvidia-kernel.tar.xz. * conftest.h: - Implement new conftest.sh functions file_inode, drm_pci_set_busid (340.76). Checksums-Sha1: adcc2cb44be3ab2ac38e6f07856bcff480ec3539 4527 nvidia-graphics-drivers_340.93-0+deb8u1.dsc 63fd1787d6ff9a6ed1307015eb050e33536d33bd 131893148 nvidia-graphics-drivers_340.93.orig.tar.gz 09d4b20698c015e259136e0273707c0de6258baf 121924 nvidia-graphics-drivers_340.93-0+deb8u1.debian.tar.xz Checksums-Sha256: 91ea1f3cc98d34e02ec9e11591d64fd9f9edce148220edb5e532605cc410dfbb 4527 nvidia-graphics-drivers_340.93-0+deb8u1.dsc cb77bd1615d4ea0af9be7160a8c39b2a7b9c86e7fae16bc5f520bc6dcdb071e4 131893148 nvidia-graphics-drivers_340.93.orig.tar.gz fb79bf54a2710cf58994148e26c83cc26aaa21fbc3724767c056d2e7728f7a32 121924 nvidia-graphics-drivers_340.93-0+deb8u1.debian.tar.xz Files: 33a21d5cf1a76f2085fca519761e3e55 4527 non-free/libs optional nvidia-graphics-drivers_340.93-0+deb8u1.dsc b03a156887bb865d2cfac8c1a4fbb9c8 131893148 non-free/libs optional nvidia-graphics-drivers_340.93.orig.tar.gz f69ec269395c8618c79fde3846577848 121924 non-free/libs optional nvidia-graphics-drivers_340.93-0+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWH5KAAAoJEF+zP5NZ6e0IyTYP/2LXZTmVD/lr8DIE3cTCOYv1 15KiGhlzoJNF9JXW+bIVNN4OM/kBl7yR0jZZrAwpLYj44MnQaZxZXlxHfsa9PEZc 0Ktc4I6vAe1Pw20jFkPyM5VWjmXjaqWtt0CixQjkEYdaeGwXnwOiO+MpM9omwPlZ AC9dVAUPnZRs7g+0YVNciLQHe13bNqat82tZP87GGHLdCznS87jK5oGolKUD+QPS Z+VEFn11dxsZdMtm+iskxFAMS7PHF7z95AzcOspNLDeBteyOAr/tB2L1dz/65RX2 OO4U122RPpElLeQIcIJLx3hRiZGEMSuRSJQy5JbAo3RgcMJO+fIMKj98EvkLMYFJ x/ZGgs0IR5akjWvhxi8dfPe5q6XOVwQqyD/6Vq0FE+ffp787+SBc2QxeTGXU5lcS aX4qeSE5iTi46tnWyekAuIZAQx4LpD6P5FZCQAYYRbomQvxzTN+XkQvVTlK+haXa uDmm/WTo6A5AXak8WbSSnvSb8H10HQMmGZ4vdqcGHeoqh5V9qaeDikww6oZzYzMM 86DKLzEVgm266anNugEzfQpBm/qq0S8uPMdsIxaLxQhYU/eNQUvulsCmwoHOb9DO UPpa/hWtBJU4jCXuuib2YrEU29h1dsIAGhrJT3sw2WKNTYF7U9u1HFFRDniO5iVq UnWgRpc0rzGupjeTKtHI =pA6K -----END PGP SIGNATURE-----
--- End Message ---
