Package name
blender
Date
2009-12-08
Advisory ID
MDVSA-2009:038-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Blender working directory
(CVE-2008-4863).

This update provides fix for that vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 b60867db33d3245357b4e7d942edb53b  2008.0/i586/blender-2.45-2.2mdv2008.0.i586.rpm 
 50ddcb1a013b3978e13b430d99e452e7  2008.0/SRPMS/blender-2.45-2.2mdv2008.0.src.rpm

2008.0 x86_64

 753361a5a8ee34c4adaf49cf82974827  2008.0/x86_64/blender-2.45-2.2mdv2008.0.x86_64.rpm 
 50ddcb1a013b3978e13b430d99e452e7  2008.0/SRPMS/blender-2.45-2.2mdv2008.0.src.rpm

References