Mageia alert MGASA-2018-0332 (blender)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2018-0332: Updated blender packages fix security vulnerabilities | |
| Date: | Fri, 10 Aug 2018 16:38:36 +0200 | |
| Message-ID: | <20180810143836.A5D9E9FC39@duvel.mageia.org> |
MGASA-2018-0332 - Updated blender packages fix security vulnerabilities Publication date: 10 Aug 2018 URL: https://advisories.mageia.org/MGASA-2018-0332.html Type: security Affected Mageia releases: 6 CVE: CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105 Description: Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code (CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105). These issues are fixed by updating to the latest upstream 2.79b release, which brings many improvements, bug fixes and new features. See the referenced changelog for details. Also, the yafaray package has been updated to the latest version, 3.3.0, to make it work with the new Blender addons path. References: - https://bugs.mageia.org/show_bug.cgi?id=23332 - https://www.blender.org/features/2-79/ - http://www.yafaray.org/node/817 - https://www.debian.org/security/2018/dsa-4248 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2899 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2900 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2901 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2902 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2903 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2904 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2905 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2906 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2907 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2908 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2918 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... SRPMS: - 6/core/blender-2.79b-1.1.mga6 - 6/core/yafaray-3.3.0-1.2.mga6