nvidia-graphics-drivers, nvidia-graphics-drivers-updates, nvidia-settings, nvidia-settings-updates vulnerability

10 April 2013

nvidia-graphics-drivers, nvidia-graphics-drivers-updates, nvidia-settings, nvidia-settings-updates vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 12.10
• Ubuntu 12.04 LTS

Summary

NVIDIA graphics drivers could be made to run programs as an administrator.

Software Description

• nvidia-graphics-drivers - NVIDIA binary Xorg driver
• nvidia-graphics-drivers-updates - NVIDIA binary Xorg driver
• nvidia-settings - Tool for configuring the NVIDIA graphics driver
• nvidia-settings-updates - Tool for configuring the NVIDIA graphics driver

Details

It was discovered that the NVIDIA graphics drivers incorrectly handled large ARGB cursors. A local attacker could use this issue to gain root privileges.

The NVIDIA graphics drivers have been updated to 304.88 to fix this issue. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10

nvidia-current - 304.88-0ubuntu0.1

nvidia-current-updates - 304.88-0ubuntu0.1

nvidia-settings - 304.88-0ubuntu0.2

nvidia-settings-updates - 304.88-0ubuntu0.2

Ubuntu 12.04 LTS

nvidia-current - 304.88-0ubuntu0.0.2

nvidia-current-updates - 304.88-0ubuntu0.0.1

nvidia-settings - 304.88-0ubuntu0.0.2

nvidia-settings-updates - 304.88-0ubuntu0.0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

• CVE-2013-0131