CVE-2017-6266 CVE-2017-6267 CVE-2017-6272

Bug #1721219 reported by Alberto Milone on 2017-10-04
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nvidia-graphics-drivers-375 (Ubuntu)
High
Alberto Milone
Trusty
High
Alberto Milone
Xenial
High
Alberto Milone
Zesty
High
Alberto Milone

Bug Description

CVE-2017-6266 CVE-2017-6267 CVE-2017-6272:
https://nvidia.custhelp.com/app/answers/detail/a_id/4544

The packages are available for testing in the following PPA:
https://launchpad.net/~albertomilone/+archive/ubuntu/nvidia-security-1

CVE References

Changed in nvidia-graphics-drivers-375 (Ubuntu):
assignee: nobody → Alberto Milone (albertomilone)
status: New → In Progress
importance: Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
assignee: nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
importance: Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
importance: Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
importance: Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
status: New → In Progress
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
status: New → In Progress
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
status: New → In Progress
description: updated
Tyler Hicks (tyhicks) wrote :

@albertomilone is there a reason to keep this bug private? AFAICT, the security issues are all public.

Tyler Hicks (tyhicks) wrote :

I've unsubscribed ubuntu-security-sponsors for now while we sort out why the bug is private.

@Tyler not really. It's all public.

On 5 October 2017 at 23:18, Tyler Hicks <email address hidden> wrote:

> @albertomilone is there a reason to keep this bug private? AFAICT, the
> security issues are all public.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1721219
>
> Title:
> CVE-2017-6266 CVE-2017-6267 CVE-2017-6272
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/nvidia-
> graphics-drivers-375/+bug/1721219/+subscriptions
>

--
Alberto Milone

information type: Private Security → Public Security
Marc Deslauriers (mdeslaur) wrote :

This has been published. Thanks!

https://usn.ubuntu.com/usn/usn-3461-1/

Changed in nvidia-graphics-drivers-375 (Ubuntu):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
status: In Progress → Fix Released

This security update has broken Vulkan (try running vulkaninfo)

Seth Arnold (seth-arnold) wrote :

Alberto, do you have any ideas? Is this liable to be something in the packaging or something in the binary blob? Is there a favoured way to report bugs back to Nvidia?

Thanks

I think it is something in the packaging. 384.90 was working fine until last update, and now it is no longer working.
If I downgrade the package from 384.90-0ubuntu0.16.04.1 to 384.90-0ubuntu0~gpu16.04.1 it works fine.

Marc Deslauriers (mdeslaur) wrote :

Where did you get 384.90-0ubuntu0~gpu16.04.1 from?
Does 375.66-0ubuntu0.16.04.1 work?

Alberto Milone (albertomilone) wrote :

I have worked on a fix in LP: #1726809

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers