Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Blender (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Blender (Aktualisierung)
ID: USN-238-2
Distribution: Ubuntu
Plattformen: Ubuntu 5.10
Datum: Fr, 6. Januar 2006, 10:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470
Applikationen: Blender
Update von: Pufferüberlauf in Blender

Originalnachricht


--===============0160561548==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="jousvV0MzM2p6OtC"
Content-Disposition: inline


--jousvV0MzM2p6OtC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-238-2 January 06, 2006
blender vulnerability
CVE-2005-4470
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

blender

The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

The original advisory in USN-238-1 accidentially contained a wrong CVE
number and advisory text. We apologize for this error.

Details follow:

Damian Put discovered that Blender did not properly validate a
'length' value in .blend files. Negative values led to an
insufficiently sized memory allocation. By tricking a user into
opening a specially crafted .blend file, this could be exploited to
execute arbitrary code with the privileges of the Blender user.

Source archives:

blender_2.37a-1ubuntu1.1.diff.gz
Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f
blender_2.37a-1ubuntu1.1.dsc
Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240
blender_2.37a.orig.tar.gz
Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

blender_2.37a-1ubuntu1.1_amd64.deb
Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff

i386 architecture (x86 compatible Intel/AMD)

blender_2.37a-1ubuntu1.1_i386.deb
Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b

powerpc architecture (Apple Macintosh G3/G4/G5)

blender_2.37a-1ubuntu1.1_powerpc.deb
Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821

--jousvV0MzM2p6OtC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDvjzADecnbV4Fd/IRAgM0AKCGWrSEuNkgelFIcyowQOIZLc+DKACgr3Q8
DuYQCpfk1eBRl0r0BsSLiH8=
=ShKz
-----END PGP SIGNATURE-----

--jousvV0MzM2p6OtC--


--===============0160561548==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0160561548==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung