Updated nvidia-current & ldetect-lst packages fix security vulnerabilities
Publication date: 27 Jan 2017Modification date: 27 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7382 , CVE-2016-7389 , CVE-2016-8826
Description
This proprietary nvidia-current driver update provides an upgrade to the new R375 long lived branch adding support for nVidia Geforce 10 (GTX10xx, Pascal) series hardware and fixes the following security issues: NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges (CVE-2016-7382). NVIDIA GPU Display Driver on Linux contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges (CVE-2016-7389). NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvidia.ko) where a user can cause a GPU interrupt storm, leading to a denial of service (CVE-2016-8826).
References
- https://bugs.mageia.org/show_bug.cgi?id=19994
- http://nvidia.custhelp.com/app/answers/detail/a_id/4246
- http://nvidia.custhelp.com/app/answers/detail/a_id/4278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8826
SRPMS
5/core
- ldetect-lst-0.1.346.5-1.mga5
5/nonfree
- nvidia-current-375.26-1.mga5.nonfree