Bug#: 219008
Status: REOPENED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>
Description:   Opened: 2008-04-23 11:22 0000
Secunia Research has discovered a vulnerability in Blender, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "imb_loadhdr()"
function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited
to cause a stack-based buffer overflow by e.g. tricking a user into opening a
specially crafted Blender (*.blend) file containing a malicious Radiance RGBE
image.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.45. Other versions may also be
affected.

Solution:
Fixed in the SVN repository.
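
Added example, not code from Blender or from the fix referenced above. The advisory does not say how the "boundary error" in imb_loadhdr() arises; the block below assumes the usual shape of this bug class in an image header parser: a Radiance resolution line such as "-Y 512 +X 768" is read with an unbounded "%s" conversion into a fixed-size stack buffer, so an over-long orientation token in a crafted image smashes the frame. The buffer size (ORI_LEN), the sanity bound (MAX_DIM) and all function names are assumptions for illustration. The hardened parser bounds every string conversion to its destination, validates the tokens, and rejects dimensions that would later overflow a width*height allocation.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffers that receive the two orientation
 * tokens of a Radiance resolution line. Not taken from Blender. */
#define ORI_LEN 16
/* Assumed upper bound on a sane image dimension. */
#define MAX_DIM 32768

/* The vulnerable pattern. "%s" has no width limit, so an orientation token
 * longer than ORI_LEN - 1 bytes in a crafted header is copied past the end
 * of oy/ox and overwrites the stack frame. Shown for contrast only; never
 * call this on untrusted input. */
int parse_res_unbounded(const char *line, int *height, int *width)
{
    char oy[ORI_LEN], ox[ORI_LEN];
    if (sscanf(line, "%s %d %s %d", oy, height, ox, width) != 4)
        return -1;
    return 0;
}

/* Hardened pattern. The width 15 (ORI_LEN - 1) on each %s means sscanf
 * writes at most ORI_LEN bytes including the NUL, and every parsed value is
 * validated before anything downstream is allowed to trust it. */
int parse_res_bounded(const char *line, int *height, int *width)
{
    char oy[ORI_LEN], ox[ORI_LEN];
    int first, second;

    if (sscanf(line, "%15s %d %15s %d", oy, &first, ox, &second) != 4)
        return -1;

    /* A legitimate token is exactly a sign followed by an axis letter; an
     * over-long token was truncated to 15 bytes and fails this check. */
    if (strlen(oy) != 2 || strlen(ox) != 2)
        return -1;
    if ((oy[0] != '+' && oy[0] != '-') || (ox[0] != '+' && ox[0] != '-'))
        return -1;
    if ((oy[1] != 'X' && oy[1] != 'Y') || (ox[1] != 'X' && ox[1] != 'Y') ||
        oy[1] == ox[1])
        return -1;

    /* Radiance allows either axis first, so map by axis letter, not position. */
    *height = (oy[1] == 'Y') ? first : second;
    *width  = (oy[1] == 'X') ? first : second;

    /* These feed a later width * height * bytes-per-pixel allocation; reject
     * zero, negative and absurd sizes so that product cannot wrap. */
    if (*height <= 0 || *width <= 0 || *height > MAX_DIM || *width > MAX_DIM)
        return -1;
    return 0;
}

/* Helper for checks: pixel count on success, -1 when the header is rejected. */
long header_pixels(const char *line)
{
    int h, w;
    if (parse_res_bounded(line, &h, &w) != 0)
        return -1;
    return (long)h * w;
}

/* Constructed hostile input: a 200-byte orientation token, far larger than
 * ORI_LEN. Returns 1 if the bounded parser rejects it cleanly. */
int crafted_header_rejected(void)
{
    char line[256];
    int h, w;
    memset(line, 'A', 200);
    line[200] = '\0';
    strcat(line, " 512 +X 768");
    return parse_res_bounded(line, &h, &w) == -1;
}

int main(void)
{
    printf("good header: %ld pixels\n", header_pixels("-Y 512 +X 768"));
    printf("crafted header rejected: %d\n", crafted_header_rejected());
    return 0;
}
```

The same check applies to any sscanf/fscanf "%s" or "%[" conversion into a fixed buffer: either give it a width one less than the buffer size, or avoid scanf-family parsing of untrusted headers altogether.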

------- Comment #1 From Tomas Hoger 2008-04-24 08:23:48 0000 -------
> Fixed in the SVN repository.

Revisions 14432, 14451, 14461

------- Comment #2 From Markus Meier 2008-04-27 12:26:22 0000 -------
I bumped blender in cvs with the following patch:
http://cvs.fedora.redhat.com/viewcvs/rpms/blender/F-9/blender-2.45-cve-2008-1102.patch?sortby=date&view=markup

The new revisions are:
blender-2.45-r3: ~arch (masked for >=media-video/ffmpeg-0.4.9_p20080326)
blender-2.45-r2 ~arch
blender-2.43-r1 stable candidate

------- Comment #3 From Robert Buchholz 2008-05-03 19:44:09 0000 -------
CVE-2008-1103 is public now too:
Multiple unspecified vulnerabilities in Blender have unknown impact and attack
vectors, related to "temporary file issues."

I don't know what the situation is with a patch there. Markus, do you?

------- Comment #4 From Robert Buchholz 2008-05-03 19:44:53 0000 -------
*** Bug 217694 has been marked as a duplicate of this bug. ***

------- Comment #5 From Markus Meier 2008-05-07 21:10:02 0000 -------
(In reply to comment #3)
> CVE-2008-1103 is public now too:
> Multiple unspecified vulnerabilities in Blender have unknown impact and attack
> vectors, related to "temporary file issues."
> 
> I don't know what the situation is with a patch there. Markus, do you?
> 

grabbed patches for CVE-2008-1103 from fedora:
http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/blender/F-9/blender-2.45-cve-2008-1103-1.patch?sortby=date
http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/blender/F-9/blender-2.45-cve-2008-1103-2.patch?sortby=date


The new revisions are:
media-gfx/blender-2.45-r4 ~arch
media-gfx/blender-2.43-r2 stable candidate

no new revision (but patches added) for p.masked version
(media-gfx/blender-2.45-r3)

------- Comment #6 From Robert Buchholz 2008-05-08 07:52:32 0000 -------
Arches, please test and mark stable:
=media-gfx/blender-2.43-r2
Target keywords : "ppc ppc64 release x86"

------- Comment #7 From Christian Faulhammer 2008-05-08 14:47:58 0000 -------
x86 stable

------- Comment #8 From Markus Rothe 2008-05-09 14:29:30 0000 -------
ppc64 stable

------- Comment #9 From Tobias Scherbaum 2008-05-11 12:09:38 0000 -------
ppc stable

------- Comment #10 From Markus Meier 2008-05-11 13:08:45 0000 -------
  11 May 2008; Markus Meier <maekke@gentoo.org> -blender-2.43.ebuild:
  old

------- Comment #11 From Pierre-Yves Rofes 2008-05-11 13:11:26 0000 -------
GLSA request filed.

------- Comment #12 From Peter Volkov 2008-05-11 18:20:39 0000 -------
Fixed in release snapshot.

------- Comment #13 From Pierre-Yves Rofes 2008-05-12 21:18:00 0000 -------
GLSA 200805-12

------- Comment #14 From Tomas Hoger 2008-05-14 07:00:05 0000 -------
Please note that cve-2008-1103-1.patch and cve-2008-1103-2.patch in Fedora
packages do not resolve CVE-2008-1103 completely, only /tmp/quit.blend part of
the issue.  See also:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1103#c8
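
Added example, not Blender's code and not the Fedora patch discussed above. The thread only names the fixed path /tmp/quit.blend; the block assumes the standard reading of such a "temporary file issue", a predictable world-readable path that another local user can pre-create as a symlink so the application's write lands on a file of the attacker's choosing. It demonstrates the risky open pattern beside the O_EXCL form that refuses a planted link, inside a private scratch directory constructed for the demo (function names, paths and contents are all assumptions).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* The risky pattern: a fixed, well-known path opened with O_CREAT but
 * without O_EXCL. Whatever already sits at that name is accepted, so a
 * symlink planted there by another local user redirects the write. */
int save_predictable(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened pattern: O_CREAT | O_EXCL fails with EEXIST if anything is
 * already at the path, a symlink included, so a planted link is never
 * followed. A unique per-user name from mkstemp() in a private directory is
 * the complete fix; O_EXCL is the part that closes the symlink hole. */
int save_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

static int read_small(const char *path, char *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t r = read(fd, buf, n - 1);
    close(fd);
    if (r < 0)
        return -1;
    buf[r] = '\0';
    return 0;
}

/* Constructed scenario in a fresh scratch directory: "victim.txt" stands in
 * for a file the user can write, and "quit.blend" is a symlink an attacker
 * planted pointing at it. Returns a bitmask: bit 0 set if the predictable
 * save clobbered the victim through the link, bit 1 set if the O_EXCL save
 * refused the same path with EEXIST; -1 on setup error. */
int demo_planted_symlink(void)
{
    const char *base = getenv("TMPDIR");
    char dir[256], victim[300], link[300], buf[64];
    int result = -1;

    snprintf(dir, sizeof dir, "%s/planted-XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(link, sizeof link, "%s/quit.blend", dir);

    if (save_exclusive(victim, "original") != 0 || symlink(victim, link) != 0)
        goto cleanup;

    /* 1. The predictable open follows the link and overwrites the victim. */
    result = 0;
    save_predictable(link, "clobbered");
    if (read_small(victim, buf, sizeof buf) == 0 && strcmp(buf, "clobbered") == 0)
        result |= 1;

    /* 2. The exclusive open sees the existing entry and refuses. */
    if (save_exclusive(link, "x") == -1 && errno == EEXIST)
        result |= 2;

cleanup:
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("demo result (expect 3): %d\n", demo_planted_symlink());
    return 0;
}
```

The check to run against a package: list every fixed path under /tmp it opens for writing (strace -e trace=open,openat is enough), and require either O_EXCL on a name nobody else can predict, or mkstemp()/mkdtemp() so the name is not predictable at all.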

------- Comment #15 From Sune Kloppenborg Jeppesen 2008-05-14 18:30:57 0000 -------
Thanks for the info.

Reopening for maintainer advice.

------- Comment #16 From Samuli Suominen 2008-12-22 14:44:48 0000 -------
Hmm. Only blender-2.48a-r3 is left in tree.. if the CVE fixes ever went
upstream, they should be in by now.
