Bug#876414: nvidia-kernel-dkms: security issues CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
Luca Boccassi
bluca at debian.org
Thu Sep 21 22:47:28 UTC 2017
On Fri, 2017-09-22 at 00:15 +0200, Andreas Beckmann wrote:
> On 09/21/2017 11:55 PM, Luca Boccassi wrote:
> > 3 CVEs affecting the NVIDIA proprietary kernel modules have been
> > published [1]:
> >
> > CVE-2017-6266, CVE-2017-6267, CVE-2017-6272
> >
> > All affecting only the 384 branch, and fixed in the 384.90 release.
>
> Since NVIDIA published these today, but nothing for the 304xx/340xx
> branches, the recent legacy releases don't seem to be relevant
> security
> wise ... so nothing too urgent.
Yes, that seems to be the case.
I've done all the updates in the 384 branches, it was pretty straight
forward.
> Did you have time to test the 375 trunk packaging on stretch? I think
> it
> should work there out-of-the box after the recent changes ... I'm
> thinking about backporting -4 once this reched testing, to get
> exposure
> to a wider audience, since at some point we will need to put a 384 or
> 375 release with larger packaging changes into stretch-pu.
> And thereafter moving to 384 in sid (via 378 and 381 first)
Yes it seems to be working fine, tried a couple of games, thanks for
the fixes.
The plan sounds good - it looks like 375 is going out of support and
there's no sign of a new fork.
Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-nvidia-devel/attachments/20170921/ce704082/attachment.sig>
More information about the pkg-nvidia-devel
mailing list