MGASA-2018-0332

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0332.html

Import Source

https://advisories.mageia.org/MGASA-2018-0332.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0332

Related

Published

2018-08-10T14:37:39Z

Modified

2018-08-10T14:14:41Z

Summary

Updated blender packages fix security vulnerabilities

Details

Updated blender package fixes security vulnerabilities:

Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code (CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105).

These issues are fixed by updating to the latest upstream 2.79b release, which brings many improvements, bug fixes and new features. See the referenced changelog for details.

Also, the yafaray package has been updated to the latest version, 3.3.0, to make it work with the new Blender addons path.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / blender

Package

Name: blender
Purl: pkg:rpm/mageia/blender?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.79b-1.1.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / yafaray

Package

Name: yafaray
Purl: pkg:rpm/mageia/yafaray?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.0-1.2.mga6

Ecosystem specific

{
    "section": "core"
}