USN-1420-1: NVIDIA graphics drivers vulnerability

Ubuntu Security Notice USN-1420-1

11th April, 2012

nvidia-graphics-drivers, nvidia-graphics-drivers-173, nvidia-graphics-drivers-173-updates, nvidia-graphics-drivers-updates vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS

Summary

NVIDIA graphics drivers could be made to run programs as an administrator.

Software description

  • nvidia-graphics-drivers - NVIDIA binary Xorg driver
  • nvidia-graphics-drivers-173 - NVIDIA binary Xorg driver
  • nvidia-graphics-drivers-173-updates - NVIDIA binary Xorg driver
  • nvidia-graphics-drivers-updates - NVIDIA binary Xorg driver

Details

It was discovered that the NVIDIA graphics drivers could be reconfigured to
gain access to arbitrary system memory. A local attacker could use this
issue to possibly gain root privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
nvidia-173-updates 173.14.30-0ubuntu5.1
nvidia-173 173.14.30-0ubuntu8.1
nvidia-current-updates 280.13-0ubuntu5.1
nvidia-current 280.13-0ubuntu6.1
Ubuntu 11.04:
nvidia-173 173.14.30-0ubuntu1.1
nvidia-current 270.41.06-0ubuntu1.1
Ubuntu 10.04 LTS:
nvidia-173 173.14.22-0ubuntu11.1
nvidia-current 195.36.24-0ubuntu1~10.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2012-0946