On Thu, 16 Feb 2017 11:50:27 +0100 Andreas Beckmann <a...@debian.org> wrote:
> Source: nvidia-graphics-drivers
> Version: 343.22-1
> Severity: serious
> Tags: security
> Control: found -1 1.0.4363-1
> Control: found -1 310.14-1
> Control: clone -1 -2 -3
> Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
> Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2017-0309,
> CVE-2017-0310, CVE-2017-0311, CVE-2017-0321, CVE-2017-0318
> Control: reassign -3 src:nvidia-graphics-drivers-legacy-304xx 304.108-2
> Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2017-0309,
> CVE-2017-0310, CVE-2017-0311, CVE-2017-0321, CVE-2017-0318
>
> http://nvidia.custhelp.com/app/answers/detail/a_id/4398
>
> CVE-2017-0309
>
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer handler where multiple integer overflows may cause improper memory
> allocation, which may lead to a denial of service or potential
> escalation of privileges.
>
> CVE-2017-0310
>
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer handler where improper access controls allow an unprivileged user
> to cause a denial of service.
>
> CVE-2017-0311
>
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer handler where improper access control may lead to a denial of
> service or possible escalation of privileges.
>
> CVE-2017-0321
>
> NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
> layer handler where a NULL pointer dereference caused by invalid user
> input may lead to a denial of service or potential escalation of
> privileges.
>
> CVE-2017-0318
>
> NVIDIA Linux GPU Display Driver contains a vulnerability in the kernel
> mode layer handler where improper validation of an input parameter may
> cause a denial of service on the system.
>
>
> Andreas

It did look very suspicious that they released all those new versions all at the same time, and with a one-line changelog for 340.xx and 304.xx... Now I see why!

I assume we'll get an exception for Stretch, but I'd still like to keep the new patches to support kernel 4.10, do you think that's all right?

Work on 304 and 340 is done in the respective branches (haven't run 340 yet, just tested module builds). I'll finish working on 375 tonight and give both a spin.

Kind regards,
Luca Boccassi