drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Blender
Name: |
Ausführen beliebiger Kommandos in Blender |
|
ID: |
USN-699-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 6.06 |
|
Datum: |
Mo, 22. Dezember 2008, 15:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4863 |
|
Applikationen: |
Blender |
|
Originalnachricht |
--===============2885631442554705648== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-dWne1r536o2HA/issnOR"
--=-dWne1r536o2HA/issnOR Content-Type: text/plain Content-Transfer-Encoding: quoted-printable
Ubuntu Security Notice USN-699-1 December 22, 2008========================================================== blender vulnerabilities CVE-2008-1102, CVE-2008-4863 ========================================================== A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: blender 2.41-1ubuntu4.1
After a standard system upgrade you need to restart Blender to effect the necessary changes.
Details follow:
It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execu= te arbitrary code with the user's privileges. (CVE-2008-1102)
It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a speciall= y crafted Python file in the Blender working directory. (CVE-2008-4863)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1.diff.gz Size/MD5: 25321 a6a2c9e48b5c274d1744d740b0d0501e http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1.dsc Size/MD5: 947 2c501e9883db205fab612b6cd7b50d27 http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41.orig= .tar.gz Size/MD5: 9464385 f6b54ff73c37aaca4d3f5babdd156fbf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1_amd64.deb Size/MD5: 5399852 ee9c0adcf8fb0cf7021dd3d5132dab41
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1_i386.deb Size/MD5: 4848820 f68c68e0db4b4ea0b7c8eed29217e398
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1_powerpc.deb Size/MD5: 5467466 aee78b058760935e9cbe92e069c3ae19
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.41-1ubu= ntu4.1_sparc.deb Size/MD5: 5110704 5f03470392a9c258d2116995b0a6e605
--=-dWne1r536o2HA/issnOR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAklPpYAACgkQLMAs/0C4zNqcwQCgkDJMsvCJgTuzMlFJPG8CnDIb nAUAoLpBqVWH5PMYnkBE5we96ylXYh3v =/pdt -----END PGP SIGNATURE-----
--=-dWne1r536o2HA/issnOR--
--===============2885631442554705648== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============2885631442554705648==--
|
|
|
|