| Summary: | <x11-drivers/nvidia-drivers-{390.144,460.91.03,471.56.01}: multiple vulnerabilities (CVE-2021-{1090,1093,1094,1095}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ionen, soap |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://nvidia.custhelp.com/app/answers/detail/a_id/5211 | ||
| Whiteboard: | A3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2021-07-22 14:49:34 UTC
Three of the fixed versions (390.144, 460.91.03, and 471.56.01), are already in tree. For 450 branch, I see a mention of 450.142.00 however I can't find the release on nvidia sites yet. May consider simply dropping the 450 branch soon. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38e02eb3ac57e490bec4947d8a4b8ef2670f238d commit 38e02eb3ac57e490bec4947d8a4b8ef2670f238d Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-07-22 15:05:16 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-07-22 15:06:54 +0000 x11-drivers/nvidia-drivers: drop vuln 470.42.01 Bug: https://bugs.gentoo.org/803389 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 7 - .../nvidia-drivers/nvidia-drivers-470.42.01.ebuild | 445 --------------------- 2 files changed, 452 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26bc27ab8c9db458f770f4110597534c5563b064 commit 26bc27ab8c9db458f770f4110597534c5563b064 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-07-22 15:03:22 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-07-22 15:06:54 +0000 x11-drivers/nvidia-drivers: drop vuln 450.119.03, end of 450 branch There is little reason for this branch to be supported anymore, please use 460 or 470 instead. Bug: https://bugs.gentoo.org/803389 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 7 - x11-drivers/nvidia-drivers/files/nvidia-450.conf | 30 -- .../nvidia-drivers-450.119.03.ebuild | 427 --------------------- 3 files changed, 464 deletions(-) Non-affected 390.144 and 460.91.03 will be stabled in a week if no issues. 470.xx does not currently have a stable version, but last affected version is now gone from the tree leaving only 470.57.02. 460.67 also affected by other security issues will be removed in roughly 2 weeks alongside 460.84 and 390.143 >-1090 isn't mentioned in the security updates matrix, is it somehow unfixed? It's listing fixes for the windows version: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 Not that I know what to make of this. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=101892cf29ae0aaa85102a8480a4bf64e5697ac2 commit 101892cf29ae0aaa85102a8480a4bf64e5697ac2 Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-07-28 23:05:41 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-07-29 01:20:14 +0000 x11-drivers/nvidia-drivers: stabilize 460.91.03 for amd64 Bug: https://bugs.gentoo.org/803389 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-460.91.03.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c898833de6e52e31b9e9a9be3983d30672e4acc commit 1c898833de6e52e31b9e9a9be3983d30672e4acc Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-07-28 23:05:00 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-07-29 01:20:13 +0000 x11-drivers/nvidia-drivers: stabilize 390.144 for amd64, x86 Bug: https://bugs.gentoo.org/803389 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/nvidia-drivers-390.144.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=898e69fdce10d2b108edd53730bc4468ac96b80c commit 898e69fdce10d2b108edd53730bc4468ac96b80c Author: Ionen Wolkens <ionen@gentoo.org> AuthorDate: 2021-08-02 16:19:07 +0000 Commit: Ionen Wolkens <ionen@gentoo.org> CommitDate: 2021-08-02 16:21:03 +0000 x11-drivers/nvidia-drivers: drop vulnerable 390.143-r1, 460.84 Bug: https://bugs.gentoo.org/803389 Signed-off-by: Ionen Wolkens <ionen@gentoo.org> x11-drivers/nvidia-drivers/Manifest | 14 - .../nvidia-drivers-390.143-r1.ebuild | 406 -------------------- .../nvidia-drivers/nvidia-drivers-460.84.ebuild | 420 --------------------- 3 files changed, 840 deletions(-) Thanks Ionen! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e0200868c5e75eb57e7355dc8786db0f79271aa3 commit e0200868c5e75eb57e7355dc8786db0f79271aa3 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-03 12:45:00 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-10-03 12:47:03 +0000 [ GLSA 202310-02 ] NVIDIA Drivers: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/764512 Bug: https://bugs.gentoo.org/784596 Bug: https://bugs.gentoo.org/803389 Bug: https://bugs.gentoo.org/832867 Bug: https://bugs.gentoo.org/845063 Bug: https://bugs.gentoo.org/866527 Bug: https://bugs.gentoo.org/881341 Bug: https://bugs.gentoo.org/884045 Bug: https://bugs.gentoo.org/903614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202310-02.xml | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) |