Mandriva Update For Blender MDVSA-2008:204 (blender) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were opened(CVE-2008-1102). As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported (CVE-2008-1103). The updated packages have been patched to prevent these issues.

Affected

blender on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1102, CVE-2008-1103
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:046 (dia)
Mandrake Security Advisory MDVSA-2009:077 (pam)
Mandrake Security Advisory MDVSA-2009:087 (openssl)
Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:038 (blender)

Mandriva Update for blender MDVSA-2008:204 (blender)

Take action and discover your vulnerabilities