* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201402-02.xml
@ 2014-02-02 17:55 Sergey Popov (pinkbyte)
0 siblings, 0 replies; 3+ messages in thread
From: Sergey Popov (pinkbyte) @ 2014-02-02 17:55 UTC (permalink / raw
To: gentoo-commits
pinkbyte 14/02/02 17:55:26
Added: glsa-201402-02.xml
Log:
GLSA 201402-02
Revision Changes Path
1.1 xml/htdocs/security/en/glsa/glsa-201402-02.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.1&content-type=text/plain
Index: glsa-201402-02.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201402-02">
<title>NVIDIA Drivers: Privilege Escalation</title>
<synopsis>A NVIDIA drivers bug allows unprivileged user-mode software to
access the GPU inappropriately, allowing for privilege escalation.
</synopsis>
<product type="ebuild">nvidia-drivers</product>
<announced>February 02, 2014</announced>
<revised>February 02, 2014: 1</revised>
<bug>493448</bug>
<access>local</access>
<affected>
<package name="x11-drivers/nvidia-drivers" auto="yes" arch="*">
<unaffected range="ge">331.20</unaffected>
<unaffected range="rge">319.76</unaffected>
<unaffected range="rge">304.116</unaffected>
<vulnerable range="lt">331.20</vulnerable>
</package>
</affected>
<background>
<p>The NVIDIA drivers provide X11 and GLX support for NVIDIA graphic
boards.
</p>
</background>
<description>
<p>The vulnerability is caused due to the driver allowing unprivileged
user-mode software to access the GPU.
</p>
</description>
<impact type="high">
<p>A local attacker could gain escalated privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All NVIDIA Drivers users using the 331 branch should upgrade to the
latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-331.20"
</code>
<p>All NVIDIA Drivers users using the 319 branch should upgrade to the
latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-319.76"
</code>
<p>All NVIDIA Drivers users using the 304 branch should upgrade to the
latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=x11-drivers/nvidia-drivers-304.116"
</code>
</resolution>
<references>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5987">CVE-2013-5987</uri>
</references>
<metadata tag="requester" timestamp="Sat, 14 Dec 2013 04:12:07 +0000">
BlueKnight
</metadata>
<metadata tag="submitter" timestamp="Sun, 02 Feb 2014 17:54:59 +0000">
BlueKnight
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 3+ messages in thread* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201402-02.xml
@ 2014-02-02 18:03 Sergey Popov (pinkbyte)
0 siblings, 0 replies; 3+ messages in thread
From: Sergey Popov (pinkbyte) @ 2014-02-02 18:03 UTC (permalink / raw
To: gentoo-commits
pinkbyte 14/02/02 18:03:58
Modified: glsa-201402-02.xml
Log:
Add one missing CVE entry for GLSA 201402-02
Revision Changes Path
1.2 xml/htdocs/security/en/glsa/glsa-201402-02.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?r1=1.1&r2=1.2
Index: glsa-201402-02.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-201402-02.xml 2 Feb 2014 17:55:26 -0000 1.1
+++ glsa-201402-02.xml 2 Feb 2014 18:03:58 -0000 1.2
@@ -9,7 +9,7 @@
</synopsis>
<product type="ebuild">nvidia-drivers</product>
<announced>February 02, 2014</announced>
- <revised>February 02, 2014: 1</revised>
+ <revised>February 02, 2014: 2</revised>
<bug>493448</bug>
<access>local</access>
<affected>
@@ -68,12 +68,13 @@
</code>
</resolution>
<references>
+ <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5986">CVE-2013-5986</uri>
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5987">CVE-2013-5987</uri>
</references>
<metadata tag="requester" timestamp="Sat, 14 Dec 2013 04:12:07 +0000">
BlueKnight
</metadata>
- <metadata tag="submitter" timestamp="Sun, 02 Feb 2014 17:54:59 +0000">
+ <metadata tag="submitter" timestamp="Sun, 02 Feb 2014 18:03:28 +0000">
BlueKnight
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 3+ messages in thread* [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201402-02.xml
@ 2014-03-13 6:55 Sergey Popov (pinkbyte)
0 siblings, 0 replies; 3+ messages in thread
From: Sergey Popov (pinkbyte) @ 2014-03-13 6:55 UTC (permalink / raw
To: gentoo-commits
pinkbyte 14/03/13 06:55:08
Modified: glsa-201402-02.xml
Log:
GLSA 201402-02: update for new versions of x11-drivers/nvidia-drivers
Revision Changes Path
1.3 xml/htdocs/security/en/glsa/glsa-201402-02.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml?r1=1.2&r2=1.3
Index: glsa-201402-02.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201402-02.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- glsa-201402-02.xml 2 Feb 2014 18:03:58 -0000 1.2
+++ glsa-201402-02.xml 13 Mar 2014 06:55:08 -0000 1.3
@@ -9,7 +9,7 @@
</synopsis>
<product type="ebuild">nvidia-drivers</product>
<announced>February 02, 2014</announced>
- <revised>February 02, 2014: 2</revised>
+ <revised>March 13, 2014: 3</revised>
<bug>493448</bug>
<access>local</access>
<affected>
@@ -17,6 +17,8 @@
<unaffected range="ge">331.20</unaffected>
<unaffected range="rge">319.76</unaffected>
<unaffected range="rge">304.116</unaffected>
+ <unaffected range="rge">304.119</unaffected>
+ <unaffected range="rge">304.121</unaffected>
<vulnerable range="lt">331.20</vulnerable>
</package>
</affected>
@@ -74,7 +76,7 @@
<metadata tag="requester" timestamp="Sat, 14 Dec 2013 04:12:07 +0000">
BlueKnight
</metadata>
- <metadata tag="submitter" timestamp="Sun, 02 Feb 2014 18:03:28 +0000">
+ <metadata tag="submitter" timestamp="Thu, 13 Mar 2014 06:49:59 +0000">
BlueKnight
</metadata>
</glsa>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-03-13 6:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-02 17:55 [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201402-02.xml Sergey Popov (pinkbyte)
-- strict thread matches above, loose matches on Subject: below --
2014-02-02 18:03 Sergey Popov (pinkbyte)
2014-03-13 6:55 Sergey Popov (pinkbyte)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox