[Bf-committers] Blender appears on the Bugtraq security list
Hans Lambermont
hans at lambermont.dyndns.org
Fri Jan 6 20:58:16 CET 2006
AFAIK this is the first time that a security bug in Blender popped up on
the bugtraq list. Is the issue involved also fixed in the blender.org
CVS tree ?
[USN-238-1] Blender vulnerability
22733 by: Martin Pitt
[USN-238-2] Blender vulnerability
22734 by: Martin Pitt
Btw, I have no idea what USN-238-1 is about (does Blender have
networking capabilities that I missed ?) But USN-238-2 is about a .blend
file.
See below.
-- Hans Lambermont
From: Martin Pitt <martin.pitt at canonical.com>
To: ubuntu-security-announce at lists.ubuntu.com
Subject: [USN-238-1] Blender vulnerability
Date: Fri, 6 Jan 2006 10:13:41 +0100
Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
Message-ID: <20060106091341.GB5197 at piware.de>
===========================================================
Ubuntu Security Notice USN-238-1 January 06, 2006
blender vulnerability
CVE-2005-3354
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
blender
The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821
From: Martin Pitt <martin.pitt at canonical.com>
To: ubuntu-security-announce at lists.ubuntu.com
Subject: [USN-238-2] Blender vulnerability
Date: Fri, 6 Jan 2006 10:47:44 +0100
Cc: full-disclosure at lists.grok.org.uk, bugtraq at securityfocus.com
Message-ID: <20060106094744.GC5197 at piware.de>
===========================================================
Ubuntu Security Notice USN-238-2 January 06, 2006
blender vulnerability
CVE-2005-4470
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
blender
The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
The original advisory in USN-238-1 accidentially contained a wrong CVE
number and advisory text. We apologize for this error.
Details follow:
Damian Put discovered that Blender did not properly validate a
'length' value in .blend files. Negative values led to an
insufficiently sized memory allocation. By tricking a user into
opening a specially crafted .blend file, this could be exploited to
execute arbitrary code with the privileges of the Blender user.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821
----- End forwarded message -----
--
http://hans.dse.nl/ () ASCII-ribbon campaign against vCards,
/\ HTML-mail and proprietary formats.
More information about the Bf-committers
mailing list