On Wed, 30 Nov 2016 12:12:23 +0100 Andreas Beckmann <a...@debian.org> wrote: > Source: nvidia-graphics-drivers > Severity: serious > Tags: security upstream > Control: clone -1 -2 -3 > Control: reassign -2 nvidia-graphics-drivers-legacy-340xx > Control: reassign -3 nvidia-graphics-drivers-legacy-304xx > Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, > CVE-2016-7389: missing permissions check and improper validation vulnerability > Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, > CVE-2016-7389: missing permissions check and improper validation vulnerability > Control: close -1 367.57-1 > Control: close -2 340.98-1 > Control: close -3 304.132-1 > > http://nvidia.custhelp.com/app/answers/detail/a_id/4246 > > CVE-2016-7382 > > NVIDIA GPU Display Driver contains a vulnerability in the kernel mode > layer (nvidia.ko) handler where a missing permissions check may allow > users to gain access to arbitrary physical memory, leading to an > escalation of privileges. > > CVE-2016-7389 > > NVIDIA GPU Display Driver on Linux contains a vulnerability in the > kernel mode layer (nvidia.ko) handler for mmap() where improper input > validation may allow users to gain access to arbitrary physical memory, > leading to an escalation of privileges. > > Fixed versions: > > R370 370.28 > R367 367.55 > R340 340.98 > R304 304.132 > > > Andreas
This sounds nasty! Do we need to upload 340.98 to stable security? -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
