Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 36: Blender Critical Fix For CVE-2022-28041 Severity: Critical

fedora
Calendar Grey May 7, 2022
Dist Fedora Esm H88
Important update for Blender in Fedora 36 released to resolve CVE-2022-28041, which impacts usd and stb_image components.
Security fix for CVE-2022-28041 affecting `usd` via its dependency on the header-only `stb_image` library

Summary

Blender is the essential software solution you need for 3D, from modeling,

animation, rendering and post-production to interactive creation and playback.

Professionals and novices can easily and inexpensively publish stand-alone,

secure, multi-platform content to the web, CD-ROMs, and other media.

Security fix for CVE-2022-28041 affecting `usd` via its dependency on the

header-only `stb_image` library. ----- Do not package `pxrConfig.cmake` with

`usd`, since it is not usable with a monolithic library build. - Move bundled

library virtual `Provides` from `usd` to `usd-libs` - Do not use `jemalloc` in

`usd`

* Sun Apr 10 2022 Benjamin A. Beasley 1:3.1.2-3

- BR usd-devel instead of cmake(pxr)

* Fri Apr 1 2022 Fedora Release Monitoring 1:3.1.2-1

- Update to 3.1.2 (#2070344)

* Fri Apr 1 2022 Fedora Release Monitoring 1:3.1.1-1

- Update to 3.1.1 (#2070344)

[ 1 ] Bug #2055414 - usd-devel is missing pxrTargets.cmake

https://bugzilla.redhat.com/show_bug.cgi?id=2055414

[ 2 ] Bug #2077054 - Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041

https://bugzilla.redhat.com/show_bug.cgi?id=2077054

su -c 'dnf upgrade --advisory FEDORA-2022-c87bba6546' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory Fedora critical fix Blender dependency issue usd library

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 3.1.2
Release: 3.fc36
URL:
Summary: 3D modeling, animation, rendering and post-production

Topics%20covered

Topics Covered

security advisory Fedora critical fix Blender dependency issue usd library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here