Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201311-07 ] Blender: Multiple vulnerabilities
Date: Wed, 13 Nov 2013 11:38:23
Message-Id: 52836420.5040009@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201311-07
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Blender: Multiple vulnerabilities
9 Date: November 13, 2013
10 Bugs: #219008, #293130
11 ID: 201311-07
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Blender, the worst of which
19 could allow attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 Blender is a 3D Creation/Animation/Publishing System.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 media-gfx/blender < 2.49b-r2 >= 2.49b-r2
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been discovered in Blender. Please review
38 the CVE identifier referenced below for details.
39
40 Impact
41 ======
42
43 A remote attacker could possibly execute arbitrary code with the
44 privileges of the process, or cause a Denial of Service condition.
45
46 Workaround
47 ==========
48
49 There is no known workaround at this time.
50
51 Resolution
52 ==========
53
54 All Blender users should upgrade to the latest version:
55
56 # emerge --sync
57 # emerge --ask --oneshot --verbose ">=media-gfx/blender-2.49b-r2"
58
59 References
60 ==========
61
62 [ 1 ] CVE-2008-1102
63 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1102
64 [ 2 ] CVE-2008-1103
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1103
66 [ 3 ] CVE-2009-3850
67 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3850
68
69 Availability
70 ============
71
72 This GLSA and any updates to it are available for viewing at
73 the Gentoo Security Website:
74
75 http://security.gentoo.org/glsa/glsa-201311-07.xml
76
77 Concerns?
78 =========
79
80 Security is a primary focus of Gentoo Linux and ensuring the
81 confidentiality and security of our users' machines is of utmost
82 importance to us. Any security concerns should be addressed to
83 security@g.o or alternatively, you may file a bug at
84 https://bugs.gentoo.org.
85
86 License
87 =======
88
89 Copyright 2013 Gentoo Foundation, Inc; referenced text
90 belongs to its owner(s).
91
92 The contents of this document are licensed under the
93 Creative Commons - Attribution / Share Alike license.
94
95 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature