Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Ubuntu 6.06 LTS: USN-698-1 Severe: GIMP Memory Corruption Vulnerability

Calendar Dec 22, 2008 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu image processing malformed images Blender
It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. (CVE-2008-1102) 
==========================================================Ubuntu Security Notice USN-699-1          December 22, 2008
blender vulnerabilities
CVE-2008-1102, CVE-2008-4863
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  blender                         2.41-1ubuntu4.1

After a standard system upgrade you need to restart Blender to effect
the necessary changes.

Details follow:

It was discovered that Blender did not correctly handle certain malformed
Radiance RGBE images. If a user were tricked into opening a .blend file
containing a specially crafted Radiance RGBE image, an attacker could execute
arbitrary code with the user's privileges. (CVE-2008-1102)

It was discovered that Blender did not properly sanitize the Python search
path. A local attacker could execute arbitrary code by inserting a specially
crafted Python file in the Blender working directory. (CVE-2008-4863)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    25321 a6a2c9e48b5c274d1744d740b0d0501e
          Size/MD5:      947 2c501e9883db205fab612b6cd7b50d27
          Size/MD5:  9464385 f6b54ff73c37aaca4d3f5babdd156fbf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  5399852 ee9c0adcf8fb0cf7021dd3d5132dab41

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  4848820 f68c68e0db4b4ea0b7c8eed29217e398

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  5467466 aee78b058760935e9cbe92e069c3ae19

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  5110704 5f03470392a9c258d2116995b0a6e605

Ubuntu 6.06 LTS: USN-698-1 Severe: GIMP Memory Corruption Vulnerability

ubuntu
Calendar Grey December 22, 2008
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-700-1 addresses vulnerabilities in GIMP that could potentially allow unauthorized code execution. Update immediately.
It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images

Summary

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu image processing malformed images Blender

Update Instructions

References

Severity
important
Lowest
Low
Medium
High
Critical

blender vulnerabilities

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu image processing malformed images Blender

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here