Your message dated Mon, 18 Jan 2016 12:35:06 +0000
with message-id <e1al91w-00025k...@franck.debian.org>
and subject line Bug#800566: fixed in nvidia-graphics-drivers 346.96-1
has caused the Debian Bug report #800566,
regarding nvidia-graphics-drivers: CVE-2015-5950 Memory corruption due to an
unsanitized pointer in the NVIDIA display driver
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
800566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800566
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nvidia-graphics-drivers
Version: 304.22-1
Severity: serious
Tags: security
https://nvidia.custhelp.com/app/answers/detail/a_id/3763
A vulnerability has been found in the NVIDIA driver that could be used
to allow a local, non-privileged user to corrupt kernel memory. This
could be used to gain local root privileges.
A local user can issue a specially crafted IOCTL to write a 32-bit
integer value stored in the kernel driver to a user-specified memory
location, potentially in the kernel address space. The user has a
limited ability to influence the value of the integer that is written.
Exploit Scope and Risk:
This issue is present on Windows and Linux operating systems and affects
all currently supported NVIDIA driver releases and all GPUs. This issue
does not affect Android-based NVIDIA Tegra products.
Branch 1st version including the fix
R304 304.128
R340 340.93
R352 352.41
Andreas
--- End Message ---
--- Begin Message ---
Source: nvidia-graphics-drivers
Source-Version: 346.96-1
We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 800...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Jan 2016 12:50:19 +0100
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin xserver-xorg-video-nvidia
libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia
libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-support
nvidia-kernel-dkms nvidia-kernel-source nvidia-vdpau-driver nvidia-smi
nvidia-cuda-mps libcuda1 libcuda1-i386 libnvidia-compiler libnvcuvid1
libnvidia-encode1 libnvidia-ifr1 libnvidia-fbc1 libnvidia-ml1
nvidia-opencl-common nvidia-opencl-icd nvidia-libopencl1 nvidia-detect
Architecture: source
Version: 346.96-1
Distribution: unstable
Urgency: low
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Description:
libcuda1 - NVIDIA CUDA Driver Library
libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
libegl1-nvidia - NVIDIA binary EGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx - NVIDIA binary OpenGL libraries${nvidia:LegacyDesc}
libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL 32-bit
libraries${nvidia:LegacyDesc}
libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x libraries${nvidia:LegacyDesc}
libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x libraries${nvidia:LegacyDesc}
libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library
libnvidia-compiler - NVIDIA runtime compiler library
libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
libnvidia-encode1 - NVENC Video Encoding runtime library
libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime library
libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime library
libnvidia-ml1 - NVIDIA Management Library (NVML) runtime library
nvidia-alternative - allows the selection of NVIDIA as GLX provider
nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
nvidia-detect - NVIDIA GPU detection utility
nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
nvidia-kernel-dkms - NVIDIA binary kernel module DKMS
source${nvidia:LegacyDesc}
nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
nvidia-kernel-support - NVIDIA binary kernel module support
files${nvidia:LegacyDesc}
nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
nvidia-opencl-common - NVIDIA OpenCL driver
nvidia-opencl-icd - NVIDIA OpenCL installable client driver (ICD)
nvidia-smi - NVIDIA System Management Interface
nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA
driver
xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 800566 811349
Changes:
nvidia-graphics-drivers (346.96-1) unstable; urgency=low
.
* New upstream release 346.96 (2015-09-01). (Closes: #811349)
* Fixed CVE-2015-5950: Memory corruption due to an unsanitized pointer.
(Closes: #800566)
- Added support for the following GPU: Tesla K80.
* New upstream release 346.87 (2015-07-21).
- Added support for the following GPU: GeForce 910M.
* New upstream release 346.82 (2015-06-23).
- Added support for the following GPUs: Tesla K40t, GeForce 720A,
GeForce 920A, GeForce 930A, GeForce 940A, GeForce GTX 950A,
GeForce GTX 980 Ti.
* Merge changes from 343.36-3.
* Update nv-readme.ids.
* UVM is no longer available on 32-bit architectures.
* Use nvidia-drm-outputclass.conf as shipped by NVIDIA.
* d/module/debian/rules: Explicitly copy Module.symvers from the nvidia.ko
kernel module for use by the nvidia-uvm.ko module, since the dependencies
in Kbuild seem not to work in all cases.
* Add armhf specific symbols.
* Upload to unstable.
Checksums-Sha1:
b1356e4d03bdc56d828e9e7dfd4877705611baf2 4529
nvidia-graphics-drivers_346.96-1.dsc
2823f90954820d71124c7acfa21de997807590cc 137155316
nvidia-graphics-drivers_346.96.orig.tar.gz
003f36d3064305b255df001533f7f0773517e607 135288
nvidia-graphics-drivers_346.96-1.debian.tar.xz
Checksums-Sha256:
842e1d04723724cc662b3d7641b4040c0bb5125214839d6be64f2da6660745a4 4529
nvidia-graphics-drivers_346.96-1.dsc
f2f8e91f7d885116a88aa732392ab58c49c09b2f3a3b8420ff1cb8cc2f1b4332 137155316
nvidia-graphics-drivers_346.96.orig.tar.gz
bcf3324d7d1a31b799dfbd05847806c09f4773d58d64d99fec2fe1d0e0224689 135288
nvidia-graphics-drivers_346.96-1.debian.tar.xz
Files:
c48124ae1165337c3227076e6824534a 4529 non-free/libs optional
nvidia-graphics-drivers_346.96-1.dsc
7ccbf78c086d7bace9fa8107ba685c83 137155316 non-free/libs optional
nvidia-graphics-drivers_346.96.orig.tar.gz
d66e95512a31ec0563598fc522d01000 135288 non-free/libs optional
nvidia-graphics-drivers_346.96-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWnNjhAAoJEF+zP5NZ6e0Ib1UP/2U0cyKK/KmgWO+hjxZ61f7E
yjACmeqeQjKoCahAUDE0Iod+59trVQVXq3b2Knh4nZU+zCbTiQoYG8fgAflovDhB
+TgWBHpz9d/TkDVmq0vNBIgR98yEsaC2LK5ta+OkQ5+qYUPCTC/75dcM5WfHD4mE
73nyUC2/Ar/203x5XMUIr8OHdQUxTetDh4NP8fCnnQVQqCYXpPRPZ3sNgqVJQ7dD
cniUJGIYxNeIBvdnlc/wma7sJa/fcirtXRD8HQgASv7WaDgp/K1FsLq4AcCTAVbI
s1KW55fAjfhW1FjlZgHbqzrtEk/HwNrN6l60lsz0nbwKE+fqxZzEgijgBZ7Zimwf
O/9QKMFmlVtFZDS2ATDitxYSJkoPzJxvdun+bTTasYuEEZdbnfAkPs8g4iG7lsse
NYjBFwSruwrb94b4C4VAM6HwIntSxwQc34sbiMRODAdpLMld9SF+oWp6YU4A2WWd
NlRYCS82eiQ25/RjB7HLe2Ch8WJJ7w6uRSHUs0guG4bYm0RRfgvnrEYyj4jSX2Pi
q5qw6CMXMIN42YYEUPHSWncPFXINxQJw1lVIC+ThUtewjt5zk5jEB/DMflG2Bp/6
zVJHuudyc8tWmY9tgDN54Wbh1r7+giGmRn4n7BE1BvhE+3ZGuqMzqEVea0IzgKoR
H2mFQm29phKTdclegLh3
=O4JZ
-----END PGP SIGNATURE-----
--- End Message ---