Ubuntu alert USN-238-1 (blender)
| From: | Martin Pitt <martin.pitt@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-238-1] Blender vulnerability | |
| Date: | Fri, 6 Jan 2006 10:13:41 +0100 | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com |
=========================================================== Ubuntu Security Notice USN-238-1 January 06, 2006 blender vulnerability CVE-2005-3354 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: blender The problem can be corrected by upgrading the affected package to version 2.37a-1ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges. Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240 http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/b/blender/ble... Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...