Ubuntu
nvidia-graphics-drivers-375 package

CVE-2017-6266 CVE-2017-6267 CVE-2017-6272

Zesty (17.04)
Bug #1721219

Bug #1721219 reported by Alberto Milone on 2017-10-04

262

This bug affects 1 person

	Status	Importance	Assigned to
nvidia-graphics-drivers-375 (Ubuntu)	Fix Released	High	Alberto Milone
Trusty	Fix Released	High	Alberto Milone
Xenial	Fix Released	High	Alberto Milone
Zesty	Fix Released	High	Alberto Milone

Bug Description

CVE-2017-6266 CVE-2017-6267 CVE-2017-6272:
https://nvidia.custhelp.com/app/answers/detail/a_id/4544

The packages are available for testing in the following PPA:
https://launchpad.net/~albertomilone/+archive/ubuntu/nvidia-security-1

See original description

CVE References

Alberto Milone (albertomilone) on 2017-10-04

Changed in nvidia-graphics-drivers-375 (Ubuntu):
assignee:	nobody → Alberto Milone (albertomilone)
status:	New → In Progress
importance:	Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
assignee:	nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
assignee:	nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
assignee:	nobody → Alberto Milone (albertomilone)
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
importance:	Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
importance:	Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
importance:	Undecided → High
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
status:	New → In Progress
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
status:	New → In Progress
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
status:	New → In Progress

Alberto Milone (albertomilone) on 2017-10-05

description:

updated

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2017-10-05:

@albertomilone is there a reason to keep this bug private? AFAICT, the security issues are all public.

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2017-10-05:

I've unsubscribed ubuntu-security-sponsors for now while we sort out why the bug is private.

Revision history for this message

Alberto Milone (albertomilone) wrote on 2017-10-17: Re: [Bug 1721219] Re: CVE-2017-6266 CVE-2017-6267 CVE-2017-6272

@Tyler not really. It's all public.

On 5 October 2017 at 23:18, Tyler Hicks <email address hidden> wrote:

> @albertomilone is there a reason to keep this bug private? AFAICT, the
> security issues are all public.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1721219
>
> Title:
> CVE-2017-6266 CVE-2017-6267 CVE-2017-6272
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/nvidia-
> graphics-drivers-375/+bug/1721219/+subscriptions
>

--
Alberto Milone

Seth Arnold (seth-arnold) on 2017-10-17

information type:

Private Security → Public Security

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2017-10-23:

This has been published. Thanks!

https://usn.ubuntu.com/usn/usn-3461-1/

Changed in nvidia-graphics-drivers-375 (Ubuntu):
status:	In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Trusty):
status:	In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Xenial):
status:	In Progress → Fix Released
Changed in nvidia-graphics-drivers-375 (Ubuntu Zesty):
status:	In Progress → Fix Released

Revision history for this message

Daniel Ribeiro Maciel (daniel-maciel) wrote on 2017-10-24:

This security update has broken Vulkan (try running vulkaninfo)

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2017-10-24:

Alberto, do you have any ideas? Is this liable to be something in the packaging or something in the binary blob? Is there a favoured way to report bugs back to Nvidia?

Thanks

Revision history for this message

Daniel Ribeiro Maciel (daniel-maciel) wrote on 2017-10-25:

I think it is something in the packaging. 384.90 was working fine until last update, and now it is no longer working.
If I downgrade the package from 384.90-0ubuntu0.16.04.1 to 384.90-0ubuntu0~gpu16.04.1 it works fine.

Revision history for this message

Daniel Ribeiro Maciel (daniel-maciel) wrote on 2017-10-25:

(I arrived here through: https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.90-0ubuntu0.16.04.1)

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2017-10-26:

Where did you get 384.90-0ubuntu0~gpu16.04.1 from?
Does 375.66-0ubuntu0.16.04.1 work?

Revision history for this message

Alberto Milone (albertomilone) wrote on 2017-10-30:

#10

I have worked on a fix in LP: #1726809

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntunvidia-graphics-drivers-375 package

CVE-2017-6266 CVE-2017-6267 CVE-2017-6272

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
nvidia-graphics-drivers-375 package