NVIDIA CVE-2016-8826 and CVE-2017-0318

Bug #1659586 reported by Alberto Milone on 2017-01-26
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nvidia-graphics-drivers-304 (Ubuntu)
High
Alberto Milone
Precise
High
Alberto Milone
Trusty
High
Alberto Milone
Xenial
High
Alberto Milone
Yakkety
High
Alberto Milone
nvidia-graphics-drivers-340 (Ubuntu)
Undecided
Alberto Milone
Precise
High
Alberto Milone
Trusty
High
Alberto Milone
Xenial
High
Alberto Milone
Yakkety
High
Alberto Milone
nvidia-graphics-drivers-367 (Ubuntu)
High
Alberto Milone
Precise
Undecided
Unassigned
Trusty
High
Alberto Milone
Xenial
High
Alberto Milone
Yakkety
High
Alberto Milone

Bug Description

The following nvidia drivers series are affected by both CVE-2016-8826 and CVE-2017-0318:

367

The following nvidia drivers series are affected by CVE-2017-0318 (USN-3173-1 already fixed CVE-2016-8826):

340, 304

We also need to migrate users to the 375 series, as 367 is no longer supported by NVIDIA.

CVE References

description: updated
no longer affects: nvidia-graphics-drivers-361 (Ubuntu)
Changed in nvidia-graphics-drivers-367 (Ubuntu):
status: New → In Progress
Changed in nvidia-graphics-drivers-367 (Ubuntu Trusty):
status: New → In Progress
Changed in nvidia-graphics-drivers-367 (Ubuntu Xenial):
status: New → In Progress
Changed in nvidia-graphics-drivers-367 (Ubuntu Yakkety):
status: New → In Progress
Changed in nvidia-graphics-drivers-367 (Ubuntu):
importance: Undecided → High
Changed in nvidia-graphics-drivers-367 (Ubuntu Trusty):
importance: Undecided → High
Changed in nvidia-graphics-drivers-367 (Ubuntu Xenial):
importance: Undecided → High
Changed in nvidia-graphics-drivers-367 (Ubuntu Yakkety):
importance: Undecided → High
Changed in nvidia-graphics-drivers-367 (Ubuntu):
status: In Progress → Fix Committed
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-367 (Ubuntu Trusty):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-367 (Ubuntu Xenial):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-367 (Ubuntu Yakkety):
assignee: nobody → Alberto Milone (albertomilone)
summary: - NVIDIA CVE-2016-8826
+ NVIDIA CVE-2016-8826 and CVE-2017-0318
description: updated
Changed in nvidia-graphics-drivers-367 (Ubuntu Precise):
status: New → Invalid
Changed in nvidia-graphics-drivers-340 (Ubuntu Yakkety):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-340 (Ubuntu Xenial):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-340 (Ubuntu Trusty):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-340 (Ubuntu Precise):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-340 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
status: New → Fix Released
Changed in nvidia-graphics-drivers-367 (Ubuntu):
status: Fix Committed → Fix Released
Changed in nvidia-graphics-drivers-304 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → Fix Released
Changed in nvidia-graphics-drivers-304 (Ubuntu Precise):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-304 (Ubuntu Trusty):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-304 (Ubuntu Xenial):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Changed in nvidia-graphics-drivers-304 (Ubuntu Yakkety):
assignee: nobody → Alberto Milone (albertomilone)
importance: Undecided → High
status: New → In Progress
Tyler Hicks (tyhicks) on 2017-03-20
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.135-0ubuntu0.12.04.1

---------------
nvidia-graphics-drivers-304 (304.135-0ubuntu0.12.04.1) precise; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Wed, 08 Mar 2017 12:49:28 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Precise):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.135-0ubuntu0.14.04.1

---------------
nvidia-graphics-drivers-304 (304.135-0ubuntu0.14.04.1) trusty; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Wed, 08 Mar 2017 12:54:19 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.102-0ubuntu0.16.10.1

---------------
nvidia-graphics-drivers-340 (340.102-0ubuntu0.16.10.1) yakkety; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Mon, 06 Mar 2017 17:10:16 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Yakkety):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.102-0ubuntu0.16.04.1

---------------
nvidia-graphics-drivers-340 (340.102-0ubuntu0.16.04.1) xenial; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Mon, 06 Mar 2017 17:00:35 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Xenial):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.135-0ubuntu0.16.10.1

---------------
nvidia-graphics-drivers-304 (304.135-0ubuntu0.16.10.1) yakkety; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms.conf.in:
    - Add support for Linux 4.10.

 -- Alberto Milone <email address hidden> Fri, 17 Mar 2017 11:24:58 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Yakkety):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.102-0ubuntu0.12.04.1

---------------
nvidia-graphics-drivers-340 (340.102-0ubuntu0.12.04.1) precise; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Mon, 06 Mar 2017 18:04:52 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Precise):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-340 - 340.102-0ubuntu0.14.04.1

---------------
nvidia-graphics-drivers-340 (340.102-0ubuntu0.14.04.1) trusty; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Mon, 06 Mar 2017 16:52:24 +0100

Changed in nvidia-graphics-drivers-340 (Ubuntu Trusty):
status: In Progress → Fix Released
Tyler Hicks (tyhicks) on 2017-03-20
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nvidia-graphics-drivers-304 - 304.135-0ubuntu0.16.04.1

---------------
nvidia-graphics-drivers-304 (304.135-0ubuntu0.16.04.1) xenial; urgency=medium

  * SECURITY UPDATE:
    - CVE-2017-0318 (LP: #1659586).
  * New upstream release.
  * debian/dkms_nvidia/patches/buildfix_kernel_4.9.patch,
    debian/dkms_nvidia/patches/buildfix_kernel_4.10.patch,
    debian/templates/dkms_nvidia.conf.in:
    - Add support for Linux 4.9 and 4.10.

 -- Alberto Milone <email address hidden> Wed, 08 Mar 2017 15:02:55 +0100

Changed in nvidia-graphics-drivers-304 (Ubuntu Xenial):
status: In Progress → Fix Released
no longer affects: nvidia-graphics-drivers-361 (Ubuntu)
no longer affects: nvidia-graphics-drivers-361 (Ubuntu Yakkety)
no longer affects: nvidia-graphics-drivers-361 (Ubuntu Xenial)
no longer affects: nvidia-graphics-drivers-361 (Ubuntu Trusty)
no longer affects: nvidia-graphics-drivers-361 (Ubuntu Precise)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers