Advisories ยป MGASA-2018-0332

Updated blender packages fix security vulnerabilities

Publication date: 10 Aug 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-2899 , CVE-2017-2900 , CVE-2017-2901 , CVE-2017-2902 , CVE-2017-2903 , CVE-2017-2904 , CVE-2017-2905 , CVE-2017-2906 , CVE-2017-2907 , CVE-2017-2908 , CVE-2017-2918 , CVE-2017-12081 , CVE-2017-12082 , CVE-2017-12086 , CVE-2017-12099 , CVE-2017-12100 , CVE-2017-12101 , CVE-2017-12102 , CVE-2017-12103 , CVE-2017-12104 , CVE-2017-12105


Updated blender package fixes security vulnerabilities:

Multiple vulnerabilities have been discovered in various parsers of Blender.
Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR,
CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code
(CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903,
 CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908,
 CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, 
 CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102,
 CVE-2017-12103, CVE-2017-12104, CVE-2017-12105).

These issues are fixed by updating to the latest upstream 2.79b release,
which brings many improvements, bug fixes and new features. See the
referenced changelog for details.

Also, the yafaray package has been updated to the latest version, 3.3.0, to
make it work with the new Blender addons path.