MDVSA-2008:204

Package name

blender

Date

2008-09-24

Advisory ID

MDVSA-2008:204

Affected versions

2008.1 i586 , 2008.1 x86_64 , 2008.0 i586 , 2008.0 x86_64

Problem description

Stefan Cornelius of Secunia Research reported a boundary error when
Blender processed RGBE images which could be used to execute arbitrary
code with the privileges of the user running Blender if a specially
crafted .hdr or .blend file were opened(CVE-2008-1102).

As well, multiple vulnerabilities involving insecure usage of temporary
files had also been reported (CVE-2008-1103).

The updated packages have been patched to prevent these issues.

Updated packages

2008.1 i586

 32cad77461dca17240719d8f3bb6cf6b  2008.1/i586/blender-2.45-7.1mdv2008.1.i586.rpm 
 e65dbe183dbbb3420707218d69ce9897  2008.1/SRPMS/blender-2.45-7.1mdv2008.1.src.rpm

2008.1 x86_64

 a3f83bb2a3617a2d80efaccb9c207f21  2008.1/x86_64/blender-2.45-7.1mdv2008.1.x86_64.rpm 
 e65dbe183dbbb3420707218d69ce9897  2008.1/SRPMS/blender-2.45-7.1mdv2008.1.src.rpm

2008.0 i586

 e3a5d49f7b992b7cc4cd9525d73ea4f6  2008.0/i586/blender-2.45-2.1mdv2008.0.i586.rpm 
 d5691e5af5c50fb80fc244e427918003  2008.0/SRPMS/blender-2.45-2.1mdv2008.0.src.rpm

2008.0 x86_64

 5411e43bc26366a1ec9f3a0da3670eb0  2008.0/x86_64/blender-2.45-2.1mdv2008.0.x86_64.rpm 
 d5691e5af5c50fb80fc244e427918003  2008.0/SRPMS/blender-2.45-2.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1103