Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Ubuntu » Blender vulnerability

Blender vulnerability

  • Vendor: Ubuntu
  • Vendor ID: USN-238-1
  • Date: January 06, 2006


===========================================================
Ubuntu Security Notice USN-238-1 January 06, 2006
blender vulnerability
CVE-2005-3354
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

blender

The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Kurt Fitzner discovered that the NBD (network block device) server did
not correctly verify the maximum size of request packets. By sending
specially crafted large request packets, a remote attacker who is
allowed to access the server could exploit this to execute arbitrary
code with root privileges.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
Size/MD5: 11607 282c2bc853abdd9fcadeb94fd42d293f
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
Size/MD5: 759 f6d6c5fe8bba50202cb60db85a1f3240
http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
Size/MD5: 7885589 2af6afdb01c1d297c43602982d9a919c

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
Size/MD5: 4791610 926553266642bd9f625e1b27dccd23ff

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
Size/MD5: 4113452 ee9f2a301ed054d9c56dd2412757465b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
Size/MD5: 4641056 8b75ee14b6ce089d7172c88343a1b821
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20060106/b6d3e26a/attachment.pgp

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »