Bug#876414: nvidia-kernel-dkms: security issues CVE-2017-6266, CVE-2017-6267, CVE-2017-6272

Andreas Beckmann anbe at debian.org
Thu Sep 21 22:15:08 UTC 2017


On 09/21/2017 11:55 PM, Luca Boccassi wrote:
> 3 CVEs affecting the NVIDIA proprietary kernel modules have been
> published [1]:
> 
> CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
> 
> All affecting only the 384 branch, and fixed in the 384.90 release.
Since NVIDIA published these today, but nothing for the 304xx/340xx
branches, the recent legacy releases don't seem to be relevant security
wise ... so nothing too urgent.

Did you have time to test the 375 trunk packaging on stretch? I think it
should work there out-of-the box after the recent changes ... I'm
thinking about backporting -4 once this reched testing, to get exposure
to a wider audience, since at some point we will need to put a 384 or
375 release with larger packaging changes into stretch-pu.
And thereafter moving to 384 in sid (via 378 and 381 first)


Andreas



More information about the pkg-nvidia-devel mailing list