Ausführen beliebiger Kommandos in Blender (Aktualisierung)
ID: | USN-238-2 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 5.10 |
Datum: | Fr, 6. Januar 2006, 10:53 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470 |
Applikationen: | Blender |
Update von: | Pufferüberlauf in Blender |
Originalnachricht |
|
--===============0160561548== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jousvV0MzM2p6OtC" Content-Disposition: inline --jousvV0MzM2p6OtC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline =========================================================== Ubuntu Security Notice USN-238-2 January 06, 2006 blender vulnerability CVE-2005-4470 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: blender The problem can be corrected by upgrading the affected package to version 2.37a-1ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. The original advisory in USN-238-1 accidentially contained a wrong CVE number and advisory text. We apologize for this error. Details follow: Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user. Source archives: http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240 http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821 --jousvV0MzM2p6OtC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDvjzADecnbV4Fd/IRAgM0AKCGWrSEuNkgelFIcyowQOIZLc+DKACgr3Q8 DuYQCpfk1eBRl0r0BsSLiH8= =ShKz -----END PGP SIGNATURE----- --jousvV0MzM2p6OtC-- --===============0160561548== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============0160561548==-- |