USN-3173-1: NVIDIA graphics drivers vulnerability

Ubuntu Security Notice USN-3173-1

17th January, 2017

nvidia-graphics-drivers-304 and nvidia-graphics-drivers-340 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

NVIDIA graphics drivers could be made to crash under certain conditions.

Software description

  • nvidia-graphics-drivers-304
    – NVIDIA binary X.Org driver

  • nvidia-graphics-drivers-340
    – NVIDIA binary X.Org driver

Details

It was discovered that the NVIDIA graphics drivers contained a flaw in the
kernel mode layer. A local attacker could use this issue to cause a denial of
service.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:

  • nvidia-331: 340.101-0ubuntu0.16.10.1
  • nvidia-current: 304.134-0ubuntu0.16.10.1
  • nvidia-340-updates: 340.101-0ubuntu0.16.10.1
  • nvidia-340: 340.101-0ubuntu0.16.10.1
  • nvidia-331-updates: 340.101-0ubuntu0.16.10.1
  • nvidia-304-updates: 304.134-0ubuntu0.16.10.1
  • nvidia-304: 304.134-0ubuntu0.16.10.1

Ubuntu 16.04 LTS:

  • nvidia-331: 340.101-0ubuntu0.16.04.1
  • nvidia-current: 304.134-0ubuntu0.16.04.1
  • nvidia-340-updates: 340.101-0ubuntu0.16.04.1
  • nvidia-340: 340.101-0ubuntu0.16.04.1
  • nvidia-331-updates: 340.101-0ubuntu0.16.04.1
  • nvidia-304-updates: 304.134-0ubuntu0.16.04.1
  • nvidia-304: 304.134-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:

  • nvidia-331: 340.101-0ubuntu0.14.04.1
  • nvidia-current: 304.134-0ubuntu0.14.04.1
  • nvidia-340-updates: 340.101-0ubuntu0.14.04.1
  • nvidia-340: 340.101-0ubuntu0.14.04.1
  • nvidia-331-updates: 340.101-0ubuntu0.14.04.1
  • nvidia-304-updates: 304.134-0ubuntu0.14.04.1
  • nvidia-304: 304.134-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:

  • nvidia-331: 340.101-0ubuntu0.12.04.1
  • nvidia-current: 304.134-0ubuntu0.12.04.1
  • nvidia-340-updates: 340.101-0ubuntu0.12.04.1
  • nvidia-340: 340.101-0ubuntu0.12.04.1
  • nvidia-331-updates: 340.101-0ubuntu0.12.04.1
  • nvidia-304-updates: 304.134-0ubuntu0.12.04.1
  • nvidia-304: 304.134-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2016-8826

python-crypto-2.6.1-13.fc24

A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto’s AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.

This is CVE-2013-7459.

Smile! Hackers Can Remotely Access Your Samsung SmartCam Security Cameras

It’s not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy.

But what’s worrisome is that these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these Internet of Things (IoTs)

CVE-2016-7564

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.