Bug#1072792: marked as done (nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092)

Debian Bug Tracking System Thu, 20 Jun 2024 11:51:24 -0700

Your message dated Thu, 20 Jun 2024 18:47:44 +0000
with message-id <e1skmoy-00bu2s...@fasolo.debian.org>
and subject line Bug#1072792: fixed in nvidia-graphics-drivers-tesla-470 
470.256.02-1~deb11u1
has caused the Debian Bug report #1072792,
regarding nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1072792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072792
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2024-0090, 
CVE-2024-0092
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2024-0090, 
CVE-2024-0092
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2024-0090, 
CVE-2024-0092
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2024-0090, 
CVE-2024-0092
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2024-0090, 
CVE-2024-0092
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2024-0090, 
CVE-2024-0092
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2024-0090, CVE-2024-0092
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2024-0090, 
CVE-2024-0091, CVE-2024-0092
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5551

CVE-2024-0090   NVIDIA GPU driver for Windows and Linux contains a
vulnerability where a user can cause an out-of-bounds write. A
successful exploit of this vulnerability might lead to code execution,
denial of service, escalation of privileges, information disclosure, and
data tampering.

CVE-2024-0091   NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where a user can cause an untrusted pointer dereference
by executing a driver API. A successful exploit of this vulnerability
might lead to denial of service, information disclosure, and data
tampering.

CVE-2024-0092   NVIDIA GPU Driver for Windows and Linux contains a
vulnerability where an improper check or improper handling of exception
conditions might lead to denial of service.

Linux Driver Branch     CVE IDs Addressed
R555, R550              CVE-2024-0090, CVE-2024-0091, CVE-2024-0092
R535, R470              CVE-2024-0090, CVE-2024-0092

Driver Branch   Affected Driver Versions                        Updated Driver 
Version
R555            All driver versions prior to 555.52.04          555.52.04
R550            All driver versions prior to 550.90.07          550.90.07
R535            All driver versions prior to 535.183.01         535.183.01
R470            All driver versions prior to 470.256.02         470.256.02


Andreas

--- End Message ---

--- Begin Message ---

Source: nvidia-graphics-drivers-tesla-470
Source-Version: 470.256.02-1~deb11u1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-tesla-470, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1072...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-tesla-470 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 Jun 2024 13:19:12 +0200
Source: nvidia-graphics-drivers-tesla-470
Architecture: source
Version: 470.256.02-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1072792 1072798
Changes:
 nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb11u1) bullseye; 
urgency=medium
 .
   * Rebuild for bullseye.
 .
 nvidia-graphics-drivers-tesla-470 (470.256.02-1~deb12u1) bookworm; 
urgency=medium
 .
   * Rebuild for bookworm.
 .
 nvidia-graphics-drivers-tesla-470 (470.256.02-1) unstable; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072798)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
 .
 nvidia-graphics-drivers (470.256.02-1) bullseye; urgency=medium
 .
   * New upstream LTS and Tesla branch release 470.256.02 (2024-06-04).
     * Fixed CVE-2024-0090, CVE-2024-0092.  (Closes: #1072792)
       https://nvidia.custhelp.com/app/answers/detail/a_id/5551
     - Fixed a bug that could cause the X server to crash when graphics
       applications requested single-buffered drawables while certain
       features (such as Vulkan sharpening) are enabled.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * xserver-xorg-video-nvidia: Recommend nvidia-vulkan-icd.
   * Move the libnvidia-glvkspirv dependency to libnvidia-(e)glcore.
     (Cf. #1064194)
   * Bump Standards-Version to 4.7.0. No changes needed.
   * Upload to bullseye.
Checksums-Sha1:
 d8210b617fc85b3ad1d8cc22192aa785b6b4c680 8024 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.dsc
 a50a67ce50343aeebd97fd8555794deaec95d31b 214352 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.debian.tar.xz
 56aa4107855ac814e275874085a9e65faa251173 8571 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1_source.buildinfo
Checksums-Sha256:
 886c08bce579440c8cd0234e7c8c99189148011e0a85689912dc7e4553605571 8024 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.dsc
 d2c0d76c8e7d77013f4efb15d0320d4c92cf4f356a25c7a503f512720962473d 214352 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.debian.tar.xz
 4278684d3bac78965d104061caa4bf8a22d54b863ce7c4e8e38511eaec1863e3 8571 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1_source.buildinfo
Files:
 d2244845fde0d44da8bf57491f623105 8024 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.dsc
 fac6d99399c0185f7c1c2e5b8baf1ffe 214352 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1.debian.tar.xz
 10d5e649e6c7255d09ea8b73cd67163b 8571 non-free/libs optional 
nvidia-graphics-drivers-tesla-470_470.256.02-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmZyv24QHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCHnZD/9zu0YCuX1n8I8oOnbMUxvEazREfpaR+jDV
7YAC/+GE/w6L2DIjQq3ZkZNAnJVyGJfj+TN1LIhhLB2TByxgp1fX1u9eeVvXl5va
9r+OkP/QT5tv1cGjC0IqTQcjWAoQXtA7PiddknyZvWr1FTWrMHHrG+mE7NOHmbSW
av0oQkTDyfK/jYyn60XKMvD+XManeCcDzAND9+yLsRrvu0IwTNokmBacrkxEo1PP
/Ne/O4S4bB4qN8VtyDRQO6HV6kNk5jPTfpKWbx2T3HclMHTA1MQLRcgbChdwJ0iZ
8dqx6t/8JE3LGGT5STZMBi1k3xIH28aZLvq6uhjq9cRRSmE9wdBrtS0p9IOp7ACX
m+jvQbJrVSk5OM+8Mm5H8Zvu7VXaD/W8jUQB3/u7PgGBHgDrYQpS1BCl8YBRi7DT
2IdemsYJuTqV39x8reqB2i2SdNeK5IsLM7UVGzkLh9JCPYLJSsMPe5OREspvdF3L
rocpxaXRpGkcBZyXQ8Jx8/psp2sxhtVeued0C2wREi95FWKFcVRrk6YVOALnNCqt
eXNH9hdagIBgKHurSFh5hN170BcyvBkXnyah9cI56DPty1H7B4FKCqdQPkhKuEmj
Fs8ygrO3Bb6yFCT1fTKcS8Vp/M0rM3eyrnFefsRIOBF8cEH/K3Cp/hT7MR1ASi+9
hk6Zci12mg==
=ogoJ
-----END PGP SIGNATURE-----

pgpBKXSegRiMh.pgp
Description: PGP signature

--- End Message ---

Bug#1072792: marked as done (nvidia-graphics-drivers: CVE-2024-0090, CVE-2024-0091, CVE-2024-0092)

Reply via email to