svn commit: r437678 - head/security/vuxml
Alexey Dokuchaev
danfe at FreeBSD.org
Tue Apr 4 02:27:17 UTC 2017
Author: danfe
Date: Tue Apr 4 02:27:15 2017
New Revision: 437678
URL: https://svnweb.freebsd.org/changeset/ports/437678
Log:
- Document recent NVIDIA GPU display driver vulnerabilities
- Spell "NVIDIA UNIX driver" consistently throughout the file
PR: 217341
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Apr 3 22:40:47 2017 (r437677)
+++ head/security/vuxml/vuln.xml Tue Apr 4 02:27:15 2017 (r437678)
@@ -58,6 +58,48 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="057e6616-1885-11e7-bb4d-a0d3c19bfa21">
+ <topic>NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler</topic>
+ <affects>
+ <package>
+ <name>nvidia-driver</name>
+ <range><lt>375.39</lt></range>
+ </package>
+ <package>
+ <name>nvidia-driver-340</name>
+ <range><lt>340.102</lt></range>
+ </package>
+ <package>
+ <name>nvidia-driver-304</name>
+ <range><lt>304.135</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVIDIA Unix security team reports:</p>
+ <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/4398">
+ <p>NVIDIA GPU Display Driver contains vulnerabilities in the
+ kernel mode layer handler where multiple integer overflows,
+ improper access control, and improper validation of a user
+ input may cause a denial of service or potential escalation
+ of privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0309</cvename>
+ <cvename>CVE-2017-0310</cvename>
+ <cvename>CVE-2017-0311</cvename>
+ <cvename>CVE-2017-0318</cvename>
+ <cvename>CVE-2017-0321</cvename>
+ <url>http://nvidia.custhelp.com/app/answers/detail/a_id/4398</url>
+ </references>
+ <dates>
+ <discovery>2017-02-14</discovery>
+ <entry>2017-04-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7cf058d8-158d-11e7-ba2c-e8e0b747a45a">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
@@ -105506,7 +105548,7 @@ executed in your Internet Explorer while
</vuln>
<vuln vid="a6d9da4a-5d5e-11db-8faf-000c6ec775d9">
- <topic>nvidia-driver -- arbitrary root code execution vulnerability</topic>
+ <topic>NVIDIA UNIX driver -- arbitrary root code execution vulnerability</topic>
<affects>
<package>
<name>nvidia-driver</name>
More information about the svn-ports-head
mailing list