Debian: New blender packages fix arbitrary code execution

    Date05 May 2008
    CategoryDebian
    4352
    Posted ByLinuxSecurity Advisories
    Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory containing such a file is browsed via Blender's image-open dialog.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1567-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Devin Carraway
    May 05, 2008                          http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : blender
    Vulnerability  : buffer overrun
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-1102
    
    Stefan Cornelius discovered a vulnerability in the Radiance High
    Dynamic Range (HDR) image parser in Blender, a 3D modelling
    application.  The weakness could enable a stack-based buffer overflow
    and the execution of arbitrary code if a maliciously-crafted HDR file
    is opened, or if a directory containing such a file is browsed via
    Blender's image-open dialog.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.42a-7.1+etch1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.45-5.
    
    We recommend that you upgrade your blender packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1.dsc
        Size/MD5 checksum:     1124 2304ad7948f44a1c087e8906f9a676bd
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1.diff.gz
        Size/MD5 checksum:    29617 79175d7996d5e0ea9a981b5c0cdac8ad
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a.orig.tar.gz
        Size/MD5 checksum: 12295244 3d60b7ebe0dea47da12744fe2462d96c
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_alpha.deb
        Size/MD5 checksum:  7062442 57776aac61b9871dcf66da61be6be9f5
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_amd64.deb
        Size/MD5 checksum:  6354226 78f6f086e2a2598fb0b40d861a203dfe
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_arm.deb
        Size/MD5 checksum:  6559778 cea3f23a01a0147b43698494a893effd
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_hppa.deb
        Size/MD5 checksum:  7243926 233690a809c3f39aa742697705e17429
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_i386.deb
        Size/MD5 checksum:  6303940 57ead1737c28b69c2a82fd29bb41e814
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_ia64.deb
        Size/MD5 checksum:  8875392 2d30aa1cd1838e96a4551df38fc7fdf5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_mips.deb
        Size/MD5 checksum:  6187970 9684782927a3d39931d19575dd194bda
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_mipsel.deb
        Size/MD5 checksum:  6119168 bdd46a3989ed69a645cf53f4cf526f47
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_powerpc.deb
        Size/MD5 checksum:  6536610 8cca411968cbabba698b5938bd486f81
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_s390.deb
        Size/MD5 checksum:  6447592 91f556b6e00439aae903ce9cd63dc14c
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_sparc.deb
        Size/MD5 checksum:  6421798 f5855fdef3d8ca0b896d4720b9ef4651
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"14","type":"x","order":"1","pct":53.85,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"8","type":"x","order":"3","pct":30.77,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.