Bug#1025281: marked as done (nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259)

Sat, 03 Dec 2022 14:12:29 -0800 

Your message dated Sat, 03 Dec 2022 22:08:58 +0000
with message-id <e1p1ags-00gv5d...@fasolo.debian.org>
and subject line Bug#1025281: fixed in nvidia-graphics-drivers-legacy-390xx 
390.157-1
has caused the Debian Bug report #1025281,
regarding nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, CVE-2022-34674, 
CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1025281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025281
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34680, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, 
CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263, 
CVE-2022-42264
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, 
CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, 
CVE-2022-42263, CVE-2022-42264
Control: reassign -8 src:nvidia-graphics-drivers-tesla-510 510.47.03-1
Control: retitle -8 nvidia-graphics-drivers-tesla-510: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: reassign -9 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -9 nvidia-graphics-drivers-tesla: CVE-2022-34670, 
CVE-2022-34674, CVE-2022-34675, CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, 
CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, 
CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, 
CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5415

CVE-2022-34670  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause truncation errors when casting a primitive to a
primitive of smaller size causes data to be lost in the conversion,
which may lead to denial of service or information disclosure.

CVE-2022-42263  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an Integer
overflow may lead to denial of service or information disclosure.

CVE-2022-34676  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an out-of-bounds
read may lead to denial of service, information disclosure, or data
tampering.

CVE-2022-42264  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause the use of an out-of-range pointer offset, which may lead
to data tampering, data loss, information disclosure, or denial of
service.

CVE-2022-34674  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where a helper function
maps more physical pages than were requested, which may lead to
undefined behavior or an information leak.

CVE-2022-34678  NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability in the kernel mode layer, where an unprivileged user can
cause a null-pointer dereference, which may lead to denial of service.

CVE-2022-34679  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unhandled
return value can lead to a null-pointer dereference, which may lead to
denial of service.

CVE-2022-34680  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an integer
truncation can lead to an out-of-bounds read, which may lead to denial
of service.

CVE-2022-34677  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer handler, where an unprivileged
regular user can cause an integer to be truncated, which may lead to
denial of service or data tampering.

CVE-2022-34682  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer, where an unprivileged regular
user can cause a null-pointer dereference, which may lead to denial of
service.

CVE-2022-42257  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure, data tampering or denial of
service.

CVE-2022-42265  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to information disclosure or data tampering.

CVE-2022-34684  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one
error may lead to data tampering or information disclosure.

CVE-2022-42254  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, data
tampering, or information disclosure.

CVE-2022-42258  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service, data tampering, or information
disclosure.

CVE-2022-42255  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42256  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow in index validation may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-34673  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an
out-of-bounds array access may lead to denial of service, information
disclosure, or data tampering.

CVE-2022-42259  NVIDIA GPU Display Driver for Linux contains a
vulnerability in the kernel mode layer (nvidia.ko), where an integer
overflow may lead to denial of service.


Linux Driver Branch     CVE IDs Addressed
R515    CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34675,
        CVE-2022-34677, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682,
        CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256,
        CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42263,
        CVE-2022-42264, CVE-2022-42265
R510    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684,
        CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257,
        CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261,
        CVE-2022-42262, CVE-2022-42263, CVE-2022-42264
R470    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258,
        CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42262,
        CVE-2022-42263, CVE-2022-42264
R450    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-42254,
        CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259,
        CVE-2022-42260, CVE-2022-42261, CVE-2022-42262, CVE-2022-42263,
        CVE-2022-42264
R390    CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
        CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259


Andreas

--- End Message ---
--- Begin Message --- 
Source: nvidia-graphics-drivers-legacy-390xx
Source-Version: 390.157-1
Done: Andreas Beckmann <a...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nvidia-graphics-drivers-legacy-390xx, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1025...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <a...@debian.org> (supplier of updated 
nvidia-graphics-drivers-legacy-390xx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 03 Dec 2022 22:17:01 +0100
Source: nvidia-graphics-drivers-legacy-390xx
Architecture: source
Version: 390.157-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-de...@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <a...@debian.org>
Closes: 1025281
Changes:
 nvidia-graphics-drivers-legacy-390xx (390.157-1) unstable; urgency=medium
 .
   * New upstream legacy branch release 390.157 (2022-11-22).
     * Fixed CVE-2022-34670, CVE-2022-34674, CVE-2022-34675, CVE-2022-34677,
       CVE-2022-34680, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259.
       https://nvidia.custhelp.com/app/answers/detail/a_id/5415
       (Closes: #1025281)
     * Improved compatibility with recent Linux kernels.
 .
   [ Andreas Beckmann ]
   * Refresh patches.
   * Rename the internally used ARCH variable which might clash on externally
     set values.
   * Use substitutions for ${nvidia-kernel} and friends (510.108.03-1).
   * Try to compile a kernel module at package build time (510.108.03-1).
Checksums-Sha1:
 02ce68f57dbc1cb770a028d4f94b38d978efbdaa 8119 
nvidia-graphics-drivers-legacy-390xx_390.157-1.dsc
 05bada6a2efeead8863ab2d95d3422fbbb7272bd 85800680 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-amd64.tar.gz
 9a615a40986d228e78b1f3dedb097705957f992e 30245694 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-armhf.tar.gz
 540a50e4981df4eb4e469a50a0b00a2ecb19e5a4 49380168 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-i386.tar.gz
 4c6a9ca940d0035c718004c8760a41194e83b92e 138 
nvidia-graphics-drivers-legacy-390xx_390.157.orig.tar.gz
 51e8a618512c1a416239e885c3dc559355bb6de0 179280 
nvidia-graphics-drivers-legacy-390xx_390.157-1.debian.tar.xz
 a8c498b0def331d69b8e7c5b92c3c29d6ae77280 7597 
nvidia-graphics-drivers-legacy-390xx_390.157-1_source.buildinfo
Checksums-Sha256:
 bea19b7ee8d1d3b3a4e3ef550957295030316683d8026736e5a55f686e28956c 8119 
nvidia-graphics-drivers-legacy-390xx_390.157-1.dsc
 f7de164f36589563358ae5f06262f6be3e24f54c6066994d71c5d527eab4b288 85800680 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-amd64.tar.gz
 4768f44759ac85610da7c62965ab4926f54a64c037d1f2af084292a6a5444a30 30245694 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-armhf.tar.gz
 2938d7cb8b06a187267e7808de73759ba6448529d217a12aa1c7ee2e6f33cbdc 49380168 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-i386.tar.gz
 14a4ad0c72302d99b719689436f45c1e79efddce8725738b21340f945a85439f 138 
nvidia-graphics-drivers-legacy-390xx_390.157.orig.tar.gz
 082a1251a0eb2fed4e6f188de05f7834788aa322335c2cb1f76a839b47114254 179280 
nvidia-graphics-drivers-legacy-390xx_390.157-1.debian.tar.xz
 f3c087daf5030e4995bac787ac9db9485edb4fd06475dc4aec036536b6391d54 7597 
nvidia-graphics-drivers-legacy-390xx_390.157-1_source.buildinfo
Files:
 c38d35d0b13e23bb0628b716a125ab25 8119 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157-1.dsc
 b8902773d2b3b2e4911911c3eebf6b98 85800680 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-amd64.tar.gz
 caf898305bed678fbe0cbe11f0241a52 30245694 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-armhf.tar.gz
 f9d5cd18d6d058c58b991982975fda89 49380168 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157.orig-i386.tar.gz
 acf7a131621f6858cbe15c1ad80c5851 138 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157.orig.tar.gz
 3e8f0f990e2d64f3376178af9a3d3169 179280 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157-1.debian.tar.xz
 87fda4903cd3340c82341cc2e04e1e8e 7597 non-free/libs optional 
nvidia-graphics-drivers-legacy-390xx_390.157-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmOLwBQQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCFsUD/9LkMj+qK9IFqlC804Y6JFhE8YL58msJ5Jn
xud30dc7ERwaAs75fOiDrR/N/d/K3tL4tsn702ozgNe5xaPYOdtYOaiemcoca2t/
9iXBjUgu6ryGyeH3MkLXag9wy4u9yceZ9JFKOEBSi84SPZHZ8SXlN9oT9QT2cT2R
bcs/ES5CqYeOkYvi+DMhJO2wI6vi/hsMVoT0P5N8xnzNJmx9oJ6Drqf5LyOKkdG4
qvmYMHLUHrWAeKft67N9ezOSy7QHucyzBmDBy8nNQuJ5rXlAcsylF4qM5vyi/vP9
Z4TtPYjMyIR7qV0wC5BVQWQ21s7Ud+cmbxS1dvi0+g5DztFwmk/oVPAyaKx9wbif
t9zqHGOyfCxfPD2icZUqm49py2X+J+qz5AS4Tk6EAiImcFZUZN9IvVenSLZzOLLM
8k1SXw5zmLoHYLLHQhsWiSZhGyLgF8AdZNs4GArrhuzR1NgieF14LSj7HmkKKow1
4C5j27Sa3bu0IyZewhgq0T1TiBZtMGbsGKI3wZTmxLO7gWiUwa18DL0mnACS2cIo
Z0QKr/jRilQILMax/WR0K/I8UYjKSsmAMorL1KrFFtGNRvhGCAIdCBGPUfeldznX
5LJ9UIIsnxn2uzpfxjnlTpYwUfHxBHs0IDYgZiOj8xieAD2/KstaFq40NGlx9GKq
0li/GkWJQg==
=mziD
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to