Bug#869783: Security - upgrade NVidia driver to 375.82 in stable.

[Paddy Steed]

I keep on getting emails for Nvidia stuff, how can I stop this?

On 26 Jul 2017 23:21, "Luca Boccassi" <luca.boccassi at gmail.com> wrote:

Control: tags -1 pending

On Wed, 2017-07-26 at 13:48 +0200, Julien Aubin wrote:
> Package: nvidia-driver
> Version: 375.66-2
> Severity: critical
>
> Hi,
>
> NVidia driver is currently targetted by several critical
> vulnerabilities as
> disclosed by NVidia. Full description there :
> https://nvidia.custhelp.com/app/answers/detail/a_id/4525
>
> Some of the vulnerabilities affect Linux users with issues including
> privilege escalation and denial of service.
>
> Updated package is 375.82.
>
> Could you please release quickly the updated packages ?
>
> Thanks

Uploaded to unstable.

Dear Security Team,

CVE-2017-6257 and CVE-2017-6259 affect Stretch - how would you like to
see this handled?

- upload through security
- upload through p/u
- ignore

I have tested this new version on a Stretch amd64 desktop and didn't
encounter any issue.

The debdiff from 375.66-2~deb9u1 to 375.82-1 is attached.

Apart from the new upstream version, the other bug fixes are:

- update binary library blobs symbols files reflecting upstream changes
- allow parallel dkms builds if requested (#864639)
- re-allow dkms ccache usage if enabled
- switch watch files protocol to https, upstream deprecated ftp
(#868815)
- mark the dkms modules as build-tested on kernel 4.11
- add support for buster in the nvidia-detect script (#866126)

Kind regards,
Luca Boccassi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20170727/a18f47c0/attachment.html>