Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> Nvidia driver security update
toracat
 Posted: Apr 12 2012, 04:16 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









If you are using the Nvidia driver, please read on.

Nvidia just released an update to the Nvidia Unix driver (version 295.40) that addressed a known security vulnerability (CVE-2012-0946). Please see their announcement for details.

If you have installed the Nvidia driver through ELRepo, updating to the current version is as easy as:

yum --enablerepo=elrepo update kmod-nvidia

and reboot.

See also this ELRepo blog.


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
U308
 Posted: Apr 12 2012, 06:26 PM
Quote Post


SLF Expert
******

Group: Members
Posts: 509
Member No.: 32
Joined: 11-April 11









Thank you toracat.

Only local attacks I think ?
PM
^
toracat
 Posted: Apr 12 2012, 07:01 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









QUOTE (U308 @ Apr 12 2012, 10:26 AM)

Only local attacks I think ?

Yes, I believe so.


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
U308
 Posted: May 12 2012, 02:37 PM
Quote Post


SLF Expert
******

Group: Members
Posts: 509
Member No.: 32
Joined: 11-April 11









Coming thick and fast. Now on 295.49.
Not really imperative to continuosly aspire to the latest is it ?
Maybe it would be a good idea to flag those updates that are really essential due
to a security vulnerability (eg. the 295.40 release) and/or some serious incompatibility issue(s)?
Well, of course toracat did flag the vuln. requiring install of 295.40. smile.gif
So, I will rely on toracat and only install an update if flagged as a 'must do' by toracat. tongue.gif

PS. No pressure, definitely no pressure. cool.gif
PM
^
toracat
 Posted: May 12 2012, 02:42 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









QUOTE (U308 @ May 12 2012, 06:37 AM)

PS. No pressure, definitely no pressure.  cool.gif

Hmmm. you used the word "pressure" twice in one sentence ... ohmy.gif


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
U308
 Posted: May 12 2012, 03:19 PM
Quote Post


SLF Expert
******

Group: Members
Posts: 509
Member No.: 32
Joined: 11-April 11









smile.gif Lot's of breathing space.
PM
^
U308
 Posted: Aug 5 2012, 08:05 AM
Quote Post


SLF Expert
******

Group: Members
Posts: 509
Member No.: 32
Joined: 11-April 11









Nvidia vulnerability-new

QUOTE
Linux kernel and X.org developer Dave Airlie has published a program that exploits a vulnerability in NVIDIA's proprietary graphics driver on Linux to give root privileges to an arbitrary user on the system. The program was handed to Airlie anonymously and, he says, it was disclosed to NVIDIA over a month ago. NVIDIA has apparently not responded, so he is publishing it now as requested by the original author.


PM
^
tux99
 Posted: Aug 5 2012, 09:21 AM
Quote Post


SLF Guru
********

Group: Members
Posts: 1293
Member No.: 224
Joined: 28-May 11









NVIDIA UNIX graphics driver exploit advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/3140

NVIDIA has released an updated UNIX graphics driver 304.32 which contains the fix.

The 304.32 driver is available for download at the NVIDIA FTP site:

32-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86/304.32/
64-bit Linux: ftp://download.nvidia.com/XFree86/Linux-x86_64/304.32/

Hopefully Elrepo will have it soon packaged for EL6. No pressure though! cool.gif


--------------------
My personal SL6 repository, specialized in audio/video software: http://pkgrepo.linuxtech.net/el6/
(can be used together with EPEL and ELRepo repositories) - repository mirror: http://linuxsoft.cern.ch/linuxtech/el6/
PM
^
toracat
 Posted: Aug 5 2012, 12:58 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









QUOTE (tux99 @ Aug 5 2012, 01:21 AM)
NVIDIA UNIX graphics driver exploit advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Hopefully Elrepo will have it soon packaged for EL6. No pressure though!  cool.gif


Thanks for the heads up. The maintainer has been alerted. smile.gif


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
redman
 Posted: Aug 5 2012, 05:31 PM
Quote Post


SLF Admin
********

Group: Admins
Posts: 1998
Member No.: 2
Joined: 8-April 11









I noticed on the Nvidia website that there are too kind of of drivers:
QUOTE
Latest Long Lived Branch version: 295.59
Latest Short Lived Branch version: 302.17


Perhaps I missed it on their main site, but I couldn't find good info on the differences / reasons for two drivers.
If someone can explain it, this would be helpful.


--------------------
What is SL? - Forum Rules - Info on 3rd Party Repos - How to post images - How to post large text / config files

Desktop: ASUS P5QPL-AM, Intel Dual-Core E6500, 4GB DDR2, ASUS GeForce GT 430 1GB, SL6.5 x86_64
Laptop: ASUS X58L, Intel Dual-Core T3200, 3GB DDR2, Intel GMA X3100, RHEL7.0 x86_64
Test box: Intel S5000PSL, 2x Intel Xeon E5310, 8GB ECC DDR2 FB-DIMM, ASUS GeForce GT 220 1GB, SL7 BETA x86_64
PMEmail Poster
^
toracat
 Posted: Aug 5 2012, 08:11 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









On the Nvidia forum, the maintainer of ELRepo's nvidia driver, Phil Perry, asked about the long-lived branch:

http://www.nvnews.net/vbulletin/showthread.php?t=166308

Phil: "How long will the long-lived branch be supported for?"

AaronP: "Thanks for asking. There's no set schedule for when the current long-lived branch will change, as it depends primarily on new system platform support (e.g., motherboard chipsets) and new GPU architectures. Our goal is to have at most 2 per year. Generally, support for the current long lived branch ends when a new one is available, but we will make exceptions for critical issues."


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
redman
 Posted: Aug 7 2012, 06:56 AM
Quote Post


SLF Admin
********

Group: Admins
Posts: 1998
Member No.: 2
Joined: 8-April 11









Thanks for your answer.

Unfortunately I wasn't able to make out what the difference is between a "long-lived" driver and a "short-lived" driver.
I assume that it will be more or less the same with Firefox 10 ESR and the regular Firefox releases?
And if so, I should think you want to use the short-lived driver when you want the driver to be up-to-date?


--------------------
What is SL? - Forum Rules - Info on 3rd Party Repos - How to post images - How to post large text / config files

Desktop: ASUS P5QPL-AM, Intel Dual-Core E6500, 4GB DDR2, ASUS GeForce GT 430 1GB, SL6.5 x86_64
Laptop: ASUS X58L, Intel Dual-Core T3200, 3GB DDR2, Intel GMA X3100, RHEL7.0 x86_64
Test box: Intel S5000PSL, 2x Intel Xeon E5310, 8GB ECC DDR2 FB-DIMM, ASUS GeForce GT 220 1GB, SL7 BETA x86_64
PMEmail Poster
^
toracat
 Posted: Aug 7 2012, 04:12 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









QUOTE (redman @ Aug 6 2012, 10:56 PM)

Unfortunately I wasn't able to make out what the difference is between a "long-lived" driver and a "short-lived" driver.
I assume that it will be more or less the same with Firefox 10 ESR and the regular Firefox releases?

Yes, I think your description is correct. Or, "stable" lines of kernels versus mainline kernel.
QUOTE

And if so, I should think you want to use the short-lived driver when you want the driver to be up-to-date?

That depends. The long-lived branch does get bug fixes, so if it works for you, it's probably best sticking with it. The short-lived branch will be a better choice if that provides new features or support newer models you are looking for. But it is a moving target.


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
toracat
 Posted: Aug 7 2012, 04:20 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









QUOTE (toracat @ Aug 5 2012, 04:58 AM)
QUOTE (tux99 @ Aug 5 2012, 01:21 AM)
NVIDIA UNIX graphics driver exploit advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Hopefully Elrepo will have it soon packaged for EL6. No pressure though!  cool.gif


Thanks for the heads up. The maintainer has been alerted. smile.gif


So far, it looks as if the exploit does not work on EL5/6. At least 3 people attempted to run the posted program but either it did not do anything or it crashed the system. But no privilege escalation.


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
tux99
 Posted: Aug 7 2012, 04:36 PM
Quote Post


SLF Guru
********

Group: Members
Posts: 1293
Member No.: 224
Joined: 28-May 11









QUOTE (toracat @ Aug 7 2012, 06:20 PM)

So far, it looks as if the exploit does not work on EL5/6. At least 3 people attempted to run the posted program but either it did not do anything or it crashed the system. But no privilege escalation.


Good to know. This is exactly one of the reasons why Linux is inherently more secure than Windows or OSX that I keep mentioning to people. Due to the variety of distros, kernels, desktop environments, etc. it's very hard to find an exploit that works on every single Linux box.

It's a bit like in nature, natural variety of subspecies within species beats monoculture every time when it comes to resistance against pests and viruses. biggrin.gif


--------------------
My personal SL6 repository, specialized in audio/video software: http://pkgrepo.linuxtech.net/el6/
(can be used together with EPEL and ELRepo repositories) - repository mirror: http://linuxsoft.cern.ch/linuxtech/el6/
PM
^
toracat
 Posted: Aug 8 2012, 03:06 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 246
Member No.: 11
Joined: 10-April 11









ELRepo just released updated Nvidia drivers [version 295.71] that fix a security issue (Priv escalation) :

http://lists.elrepo.org/pipermail/elrepo/2012-August/001349.html

This is a LTS (long term support) release that fixes a security issue. Please see:

http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747
http://nvidia.custhelp.com/app/answers/detail/a_id/3140

Note that it is a downgrade if you're running 3xx from the testing repo.


--------------------
ELRepo: repository specializing in hardware support for EL
PMUsers Website
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll