Bug#846331: marked as done (nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing permissions check and improper validation vulnerability)

Fri, 06 Jan 2017 13:22:28 -0800 

Your message dated Fri, 06 Jan 2017 21:17:38 +0000
with message-id <e1cpbtk-0002jd...@fasolo.debian.org>
and subject line Bug#846331: fixed in nvidia-graphics-drivers 340.101-1
has caused the Debian Bug report #846331,
regarding nvidia-graphics-drivers: CVE-2016-7382, CVE-2016-7389: missing 
permissions check and improper validation vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
846331: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846331
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3
Control: reassign -2 nvidia-graphics-drivers-legacy-340xx
Control: reassign -3 nvidia-graphics-drivers-legacy-304xx
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2016-7382, 
CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: retitle -3 nvidia-graphics-drivers-legacy-304xx: CVE-2016-7382, 
CVE-2016-7389: missing permissions check and improper validation vulnerability
Control: close -1 367.57-1
Control: close -2 340.98-1
Control: close -3 304.132-1

http://nvidia.custhelp.com/app/answers/detail/a_id/4246

CVE-2016-7382

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode
layer (nvidia.ko) handler where a missing permissions check may allow
users to gain access to arbitrary physical memory, leading to an
escalation of privileges.

CVE-2016-7389

NVIDIA GPU Display Driver on Linux contains a vulnerability in the
kernel mode layer (nvidia.ko) handler for mmap() where improper input
validation may allow users to gain access to arbitrary physical memory,
leading to an escalation of privileges.

Fixed versions:

R370    370.28
R367    367.55
R340    340.98
R304    304.132


Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers
Source-Version: 340.101-1

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 846...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated nvidia-graphics-drivers 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 04 Jan 2017 13:31:29 +0100
Source: nvidia-graphics-drivers
Binary: nvidia-driver nvidia-driver-bin nvidia-glx xserver-xorg-video-nvidia 
libgl1-nvidia-glx libgl1-nvidia-glx-i386 libegl1-nvidia libgles1-nvidia 
libgles2-nvidia libnvidia-eglcore nvidia-alternative nvidia-kernel-dkms 
nvidia-kernel-source nvidia-vdpau-driver nvidia-smi nvidia-cuda-mps libcuda1 
libcuda1-i386 libnvidia-compiler libnvcuvid1 libnvidia-encode1 libnvidia-ifr1 
libnvidia-fbc1 libnvidia-ml1 nvidia-opencl-common nvidia-opencl-icd 
nvidia-libopencl1 nvidia-detect
Architecture: source
Version: 340.101-1
Distribution: jessie
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Description:
 libcuda1   - NVIDIA CUDA Driver Library${nvidia:LegacyDesc}
 libcuda1-i386 - NVIDIA CUDA 32-bit runtime library${nvidia:LegacyDesc}
 libegl1-nvidia - NVIDIA binary EGL library${nvidia:LegacyDesc}
 libgl1-nvidia-glx - NVIDIA binary OpenGL/GLX libraries${nvidia:LegacyDesc}
 libgl1-nvidia-glx-i386 - NVIDIA binary OpenGL/GLX 32-bit 
libraries${nvidia:LegacyDesc}
 libgles1-nvidia - NVIDIA binary OpenGL|ES 1.x library${nvidia:LegacyDesc}
 libgles2-nvidia - NVIDIA binary OpenGL|ES 2.x library${nvidia:LegacyDesc}
 libnvcuvid1 - NVIDIA CUDA Video Decoder runtime library${nvidia:LegacyDesc}
 libnvidia-compiler - NVIDIA runtime compiler library${nvidia:LegacyDesc}
 libnvidia-eglcore - NVIDIA binary EGL core libraries${nvidia:LegacyDesc}
 libnvidia-encode1 - NVENC Video Encoding runtime library${nvidia:LegacyDesc}
 libnvidia-fbc1 - NVIDIA OpenGL-based Framebuffer Capture runtime 
library${nvidia:L
 libnvidia-ifr1 - NVIDIA OpenGL-based Inband Frame Readback runtime 
library${nvidia
 libnvidia-ml1 - NVIDIA Management Library (NVML) runtime 
library${nvidia:LegacyDe
 nvidia-alternative - allows the selection of NVIDIA as GLX 
provider${nvidia:LegacyDesc
 nvidia-cuda-mps - NVIDIA CUDA Multi Process Service (MPS)
 nvidia-detect - NVIDIA GPU detection utility
 nvidia-driver - NVIDIA metapackage${nvidia:LegacyDesc}
 nvidia-driver-bin - NVIDIA driver support binaries${nvidia:LegacyDesc}
 nvidia-glx - transition to ${nvidia}-driver
 nvidia-kernel-dkms - NVIDIA binary kernel module DKMS 
source${nvidia:LegacyDesc}
 nvidia-kernel-source - NVIDIA binary kernel module source${nvidia:LegacyDesc}
 nvidia-libopencl1 - NVIDIA OpenCL ICD Loader library
 nvidia-opencl-common - NVIDIA OpenCL driver - common files
 nvidia-opencl-icd - NVIDIA OpenCL installable client driver 
(ICD)${nvidia:LegacyDesc}
 nvidia-smi - NVIDIA System Management Interface${nvidia:LegacyDesc}
 nvidia-vdpau-driver - Video Decode and Presentation API for Unix - NVIDIA 
driver${nvidi
 xserver-xorg-video-nvidia - NVIDIA binary Xorg driver${nvidia:LegacyDesc}
Closes: 846331 848195 848514
Changes:
 nvidia-graphics-drivers (340.101-1) jessie; urgency=medium
 .
   * New upstream legacy 340xx branch release 340.101 (2016-12-14).
     * Fixed CVE-2016-8826.  (Closes: #848195)
     * Improved compatibility with recent Linux kernels.
   * New upstream legacy 340xx branch release 340.98 (2016-09-26).
     * Fixed CVE-2016-7382, CVE-2016-7389.  (Closes: #846331)
     - Added support for the screen_info.ext_lfb_base field, on kernels that
       have it, in order to properly handle UEFI framebuffer consoles with
       physical addresses above 4GB.
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Stop special-casing of the nvidia-alternative substitution (352.79-6).
   * rules: Drop support for ancient .run layout (352.79-4).
   * nvidia-detect: Drop support for lenny and squeeze(-lts) (EoL) (352.79-5).
   * Do not run dh_strip_nondeterminism, it may perform modifications not
     permitted by the NVIDIA license (340.96-4).
   * Use #!armhf# and #HAS_UVM# substitutions as in unstable (340.76-5).
   * Add slave alternative for libnvcuvid.so (340.96-3).
   * rules, rules.defs: Synchronize variable naming with unstable (352.79-3).
   * rules, control: Synchronize substvars with unstable (352.79-3).
   * get-orig-source: Synchronize with unstable (352.79-3).
   * get-orig-source: Generate .orig-$ARCH.tar.gz for each architecture
     (358.16-1).
   * control: Synchronize descriptions with unstable.
   * bug-script: Synchronize with unstable (352.79-3).
   * bug-control.mk: New script to generate bug-control (352.79-4).
   * bug-control, bug-script: Collect some information about OpenCL (352.79-6).
   * Use an empty nvidia:legacy-check substvar for legacy packages (352.79-6).
   * separate-makefile-kbuild.patch: New, don't make all Makefile targets
     available to Kbuild (352.79-6).
   * KERNEL_UNAME.patch: New, allow usage of KERNEL_UNAME as in 355.xx onwards
     (352.79-6).
   * use-kbuild-compiler.patch: New patch to build with Kbuild's version of the
     compiler instead of system default, thanks to Luca (352.79-2).
   * Use NVIDIA's conftest.sh script to determine settings during module build
     instead of our manually maintained conftest.h header (352.79-2).
   * conftest-verbose.patch: New patch to dump dynamically generated conftest
     headers (352.79-2).
   * conftest-via-kbuild.patch: New patch to call conftest.sh from within
     kbuild (and therefore with kbuild's compiler and flags) as in 355.xx
     (352.79-2).
   * use-kbuild-flags.patch: New, use KBUILD_CFLAGS from Kbuild to
     support building a 64-bit kernel module with 32-bit userspace (352.79-5).
   * build-sanity-checks.patch: New, handle the conftest.sh sanity checks in
     the modernized module build system (352.79-6).
   * disable-cc_version_check.patch: New patch to disable a useless check that
     tests the running kernel instead of the compilation target.
   * disable-preempt_rt_sanity_check.patch: New patch to disable a check we
     already skipped in our conftest.h (352.79-2).
   * Pass only the kernel version via KERNEL_UNAME and let the module build
     system figure out the paths (352.79-2).
   * Clear ARCH variable from environment before module build, thanks to Luca
     (352.79-2, 352.79-5).
   * arm-outer-sync.patch: New patch to fix armhf kernel module build for
     Linux 4.3, thanks to Luca (340.93-5).
   * ignore_xen_on_arm.patch: Update to add workaround for conftest.sh to fix
     kernel module build failure on armhf by forcing XEN_PRESENT=0 when
     building on armhf, thanks to Luca (352.79-2).
   * nvidia-detect: Update list of newer PCI IDs from release 375.26.
   * Add B-D: dpkg-dev (>= 1.17) for dpkg-parsechangelog --show-field
     (352.79-6).
   * Build libnvidia-encode1 and libnvidia-ifr1 for armhf, too (352.79-10).
   * Stop shipping unused pci.ids file (352.21-1).
   * control: Synchronize descriptions with unstable (370.28-2).
   * Add xorg-video-abi-23 as alternative dependency (375.20-1).
   * nvidia-alternative: Restrict Depends: glx-alternative-nvidia to (<< 0.7).
     Uploading a new upstream legacy release to stable will invalidate package
     relationships in unstable, thus permitting some (partial) upgrade paths
     that will fail.
   * Bump Standards-Version to 3.9.8. No changes needed.
   * Update lintian overrides.
   * Upload to jessie.
 .
   [ Luca Boccassi ]
   * Add drm-driver-legacy.patch to fix nvidia kernel module load issue on
     Linux 4.9 and newer.  (Closes: #848514)
Checksums-Sha1:
 bf002a22dd6e8ac5ad76a4d29d1d9fd348e354e7 5474 
nvidia-graphics-drivers_340.101-1.dsc
 3533acd4d14968011033cd40f47e664135ff8c10 70009399 
nvidia-graphics-drivers_340.101.orig-amd64.tar.gz
 61e8eb0b127ba8a39b6069c1b9805a93338b9025 23546147 
nvidia-graphics-drivers_340.101.orig-armhf.tar.gz
 d53ecf2b96456ecafc2f87b31122bd4bfbcca4e8 38897547 
nvidia-graphics-drivers_340.101.orig-i386.tar.gz
 1e57c4d4e1c72bcbd0e69ef8d9f296798f7bee42 137 
nvidia-graphics-drivers_340.101.orig.tar.gz
 1ffc3316cd5dcec606fa3c4a4c5e193ea864a87c 122840 
nvidia-graphics-drivers_340.101-1.debian.tar.xz
Checksums-Sha256:
 a2560ba5fcd215b63c770f10da0c4666e207aa814632e0213f4497f7d68ff544 5474 
nvidia-graphics-drivers_340.101-1.dsc
 28a0bb718f8e4be0e49e999f8c23ba4baa891e63b0149c4726cb20fc88ca5517 70009399 
nvidia-graphics-drivers_340.101.orig-amd64.tar.gz
 33f821bb7ddb08be1c6213d5a1e354c318ff1656a78d34477f1bf16caf671110 23546147 
nvidia-graphics-drivers_340.101.orig-armhf.tar.gz
 42ce00009e1e8e36507bc85d77775c53bc1304c2b643d73a7e0074831ce26b55 38897547 
nvidia-graphics-drivers_340.101.orig-i386.tar.gz
 479592e91b4cfa126b76fcef069d46052dc40475aec893ebb5077736e60c8763 137 
nvidia-graphics-drivers_340.101.orig.tar.gz
 8822dadbed20e810a27fe94bb3c5803a608f2dced8325c61bb0b77a0abd9b069 122840 
nvidia-graphics-drivers_340.101-1.debian.tar.xz
Files:
 9e13e4617f85614c019c3b1ec476f8ce 5474 non-free/libs optional 
nvidia-graphics-drivers_340.101-1.dsc
 f7ce2c6930bb06406eb25a839566dd70 70009399 non-free/libs optional 
nvidia-graphics-drivers_340.101.orig-amd64.tar.gz
 3b6a4e26c217e7302059853088acf308 23546147 non-free/libs optional 
nvidia-graphics-drivers_340.101.orig-armhf.tar.gz
 ebbecaff80c71d70c5fed12051c001d0 38897547 non-free/libs optional 
nvidia-graphics-drivers_340.101.orig-i386.tar.gz
 8165ff6cc5837bdb6a1e07ffa71326d1 137 non-free/libs optional 
nvidia-graphics-drivers_340.101.orig.tar.gz
 f2de0878dae2ba00ade42f2d94c80d2f 122840 non-free/libs optional 
nvidia-graphics-drivers_340.101-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYbPBpAAoJEF+zP5NZ6e0IMDYP/3p/vOL5AlGW8yFN7yhvXIW/
P5ZvkbyCMHQSiA1EsgUK4bpeJGuSBd+0fNnnvYrKD1UEqLxsUeqzqca06Plrh9jg
dmy/OFKgLAH4rStG/VEbGWtsjUzka8Ku33czy9g+ouDijkIu7n3DUIcTfpyKNco6
VWe20Q0/YOIilcKxg9x2KWRJ1SS6G3l1qNZO4VyXTaPxtMI+qM4ADYsEFMfJTya8
8AueH+mnaEiU7nSJ8AipJhITga/1RTo2fOyQjNTgVSeGTIWEtQAP6ebLSjqtkf9G
vkCVKbaxdvbALoyE3lLydJ0FIeUYXy7d0O/3DeQokYC/54kwGmv7sWm1oos003Hd
bSBC0YpKELpF2+rTaZtGHIRVQ5VGEgL5+a/3kJxp1Rj0pZdLQt+DOulaknwlj2vu
uD6Qzxe0XufTjLBDfwuK7EoiH7C/Is8G7CYwEmnTgcbwYNUQDFqjS/wf7nRP9DO+
AVlwnH7FtSJDsS3amwi79IhBflvLJWpa+t2qsrX3eDHBAqE4vjp45+0U4TR21Dh/
fTmjgMdXDRJivCWJRF6XTBz3bUvIxpfuErH1v0onAYUJnPk3+djXpC6s81M6IShh
M1oUGNK7G+ZyL5JekolBezKEO5PfiEJynclg0wHhNxhUGt6m0bV1ikQg2qdMfEVC
1+IGhBV5VvwD7RCPXCJ3
=3+da
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to