Mandriva Update For Blender MDVSA-2008:204 (blender) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were opened(CVE-2008-1102). As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported (CVE-2008-1103). The updated packages have been patched to prevent these issues.

Affected

blender on Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1102, CVE-2008-1103

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:177 (ruby)
Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)

Mandriva Update for blender MDVSA-2008:204 (blender)

Take action and discover your vulnerabilities