LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Blender vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102)
===========================================================
Ubuntu Security Notice USN-699-1          December 22, 2008
blender vulnerabilities
CVE-2008-1102, CVE-2008-4863
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  blender                         2.41-1ubuntu4.1

After a standard system upgrade you need to restart Blender to effect
the necessary changes.

Details follow:

It was discovered that Blender did not correctly handle certain malformed
Radiance RGBE images. If a user were tricked into opening a .blend file
containing a specially crafted Radiance RGBE image, an attacker could execute
arbitrary code with the user's privileges. (CVE-2008-1102)

It was discovered that Blender did not properly sanitize the Python search
path. A local attacker could execute arbitrary code by inserting a specially
crafted Python file in the Blender working directory. (CVE-2008-4863)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1.diff.gz
      Size/MD5:    25321 a6a2c9e48b5c274d1744d740b0d0501e
    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1.dsc
      Size/MD5:      947 2c501e9883db205fab612b6cd7b50d27
    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41.orig.tar.gz
      Size/MD5:  9464385 f6b54ff73c37aaca4d3f5babdd156fbf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1_amd64.deb
      Size/MD5:  5399852 ee9c0adcf8fb0cf7021dd3d5132dab41

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1_i386.deb
      Size/MD5:  4848820 f68c68e0db4b4ea0b7c8eed29217e398

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1_powerpc.deb
      Size/MD5:  5467466 aee78b058760935e9cbe92e069c3ae19

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubuntu4.1_sparc.deb
      Size/MD5:  5110704 5f03470392a9c258d2116995b0a6e605



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.