USN-2814-1: NVIDIA graphics drivers vulnerability

Ubuntu Security Notice USN-2814-1

18th November, 2015

nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352, nvidia-graphics-drivers-352-updates vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

NVIDIA graphics drivers could be made to run programs as an administrator.

Software description

  • nvidia-graphics-drivers-304
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-304-updates
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-340
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-340-updates
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-352
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-352-updates
    – NVIDIA binary X.Org driver

Details

It was discovered that the NVIDIA graphics drivers incorrectly sanitized
user mode inputs. A local attacker could use this issue to possibly gain
root privileges.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
nvidia-331 340.96-0ubuntu0.15.10.1
nvidia-346 352.63-0ubuntu0.15.10.1
nvidia-352 352.63-0ubuntu0.15.10.1
nvidia-346-updates 352.63-0ubuntu0.15.10.1
nvidia-340-updates 340.96-0ubuntu0.15.10.1
nvidia-340 340.96-0ubuntu0.15.10.1
nvidia-331-updates 340.96-0ubuntu0.15.10.1
nvidia-304 304.131-0ubuntu0.15.10.1
nvidia-304-updates 304.131-0ubuntu0.15.10.1
nvidia-352-updates 352.63-0ubuntu0.15.10.1

Ubuntu 15.04:
nvidia-331 340.96-0ubuntu0.15.04.1
nvidia-346 352.63-0ubuntu0.15.04.1
nvidia-352 352.63-0ubuntu0.15.04.1
nvidia-346-updates 352.63-0ubuntu0.15.04.1
nvidia-340-updates 340.96-0ubuntu0.15.04.1
nvidia-340 340.96-0ubuntu0.15.04.1
nvidia-331-updates 340.96-0ubuntu0.15.04.1
nvidia-304 304.131-0ubuntu0.15.04.1
nvidia-304-updates 304.131-0ubuntu0.15.04.1
nvidia-352-updates 352.63-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
nvidia-331 340.96-0ubuntu0.14.04.1
nvidia-346 352.63-0ubuntu0.14.04.1
nvidia-352 352.63-0ubuntu0.14.04.1
nvidia-346-updates 352.63-0ubuntu0.14.04.1
nvidia-340-updates 340.96-0ubuntu0.14.04.1
nvidia-340 340.96-0ubuntu0.14.04.1
nvidia-331-updates 340.96-0ubuntu0.14.04.1
nvidia-304 304.131-0ubuntu0.14.04.1
nvidia-304-updates 304.131-0ubuntu0.14.04.1
nvidia-352-updates 352.63-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
nvidia-331-updates 340.96-0ubuntu0.12.04.1
nvidia-304 304.131-0ubuntu0.12.04.1
nvidia-304-updates 304.131-0ubuntu0.12.04.1
nvidia-340-updates 340.96-0ubuntu0.12.04.1
nvidia-340 340.96-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.
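
An added example (not part of the Ubuntu notice): a Python check that compares an installed-package listing against the fixed versions listed above, using Debian version ordering rather than string comparison. The function names and the sample listing are constructed for illustration; epochs are not handled because none of these versions carry one.

```python
import re

# Fixed upstream version per driver series, transcribed from the notice above.
SERIES = {"304": "304.131", "331": "340.96", "340": "340.96",
          "346": "352.63", "352": "352.63"}
RELEASES = ("15.10", "15.04", "14.04", "12.04")
# The only packages the notice lists for Ubuntu 12.04 LTS.
LISTED_12_04 = {"nvidia-304", "nvidia-304-updates", "nvidia-331-updates",
                "nvidia-340", "nvidia-340-updates"}

def fixed_version(pkg, release):
    """Fixed version of pkg on release according to the notice, else None."""
    m = re.fullmatch(r"nvidia-(304|331|340|346|352)(-updates)?", pkg)
    if not m or release not in RELEASES:
        return None
    if release == "12.04" and pkg not in LISTED_12_04:
        return None
    return f"{SERIES[m.group(1)]}-0ubuntu0.{release}.1"

def _order(c):
    # Debian ordering of non-digits: '~' lowest, end of run is 0, letters, then others.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Split into alternating non-digit/digit runs; digit runs compare numerically.
    return [(tuple(map(_order, nd)) + (0,), int(d or 0))
            for nd, d in re.findall(r"([^0-9]*)([0-9]*)", part)]

def dpkg_key(version):
    """Sort key in Debian version order (upstream version, then revision)."""
    upstream, rev = version.rsplit("-", 1) if "-" in version else (version, "0")
    return _key(upstream), _key(rev)

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """\
nvidia-340 340.76-0ubuntu2
nvidia-352 352.63-0ubuntu0.14.04.1
nvidia-settings 352.21-0ubuntu1
"""

def audit(listing, release):
    """Map each listed package still below its fixed version to (installed, fixed)."""
    stale = {}
    for line in listing.splitlines():
        pkg, _, ver = line.partition(" ")
        fixed = fixed_version(pkg, release)
        if fixed and ver and dpkg_key(ver) < dpkg_key(fixed):
            stale[pkg] = (ver, fixed)
    return stale

if __name__ == "__main__":
    print(audit(SAMPLE, "14.04"))
```

The check covers installed package versions only; the reboot described above is still required after updating.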

References

CVE-2015-7869
