User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-699-1 (blender)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-699-1] Blender vulnerabilities
Date:  Mon, 22 Dec 2008 09:34:43 -0500
Message-ID:  <1229956483.23276.6.camel@mdlinux.technorage.com>
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

=========================================================== Ubuntu Security Notice USN-699-1 December 22, 2008 blender vulnerabilities CVE-2008-1102, CVE-2008-4863 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: blender 2.41-1ubuntu4.1 After a standard system upgrade you need to restart Blender to effect the necessary changes. Details follow: It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102) It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory. (CVE-2008-4863) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 25321 a6a2c9e48b5c274d1744d740b0d0501e http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 947 2c501e9883db205fab612b6cd7b50d27 http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 9464385 f6b54ff73c37aaca4d3f5babdd156fbf amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 5399852 ee9c0adcf8fb0cf7021dd3d5132dab41 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 4848820 f68c68e0db4b4ea0b7c8eed29217e398 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 5467466 aee78b058760935e9cbe92e069c3ae19 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 5110704 5f03470392a9c258d2116995b0a6e605 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds