Bug#913467: nvidia-graphics-drivers: CVE‑2018‑6260: access to application data processed on the GPU through a side channel exposed by the GPU performance counters
Moritz Mühlenhoff
jmm at inutil.org
Mon Feb 18 21:57:59 GMT 2019
On Mon, Nov 12, 2018 at 02:36:23PM +0000, Luca Boccassi wrote:
> On Mon, 2018-11-12 at 13:47 +0100, Andreas Beckmann wrote:
> > On 2018-11-11 13:54, Luca Boccassi wrote:
> > > https://nvidia.custhelp.com/app/answers/detail/a_id/4738
> >
> > So we expect new releases soon. There is already 415.* ...
> >
> > Please refrain from any uploads for now while I'm preparing
> > infrastructure changes. I'll do a 390.87-3 upload soon, thereafter
> > you
> > could update that in sid. If there are some pkern commits in the
> > repository, use them, if not, they will come with -2.
> >
> > (Procedure in 390:
> > do all commits incl. finalization of changelog in 390
> > merge into master
> > upload from master
> > )
> >
> > Andreas
>
> Ok, I see -3 is now in unstable (thanks!) so if something comes out for
> the 390 branch I'll follow that procedure and upload to unstable from
> master.
>
> What about -legacy-390xx?
>
> > PS: finally a reason to push 390 to stretch, lets do it soon at the
> > beginning of the new point release cycle
>
> Yes, sounds good, 384 is not maintained anymore.
I'm confused by all the branches in buster. Can you please confirm
which are fixed for CVE-2018-6260 and which are not? (And if so, which
version in sid fixed it):
nvidia-graphics-drivers: 390.87-8 (sid: 410.93-2)
nvidia-graphics-drivers-legacy-390xx: 390.87-6 (sid the same)
nvidia-graphics-drivers-legacy-340xx: 340.107-3 (sid the same)
nvidia-graphics-drivers-legacy-304xx: not in testing
Cheers,
Moritz
More information about the pkg-nvidia-devel
mailing list