Debian Security Advisory

DLA-1465-1 blender -- LTS security update

Date Reported:
13 Aug 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105.
More information:

Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/ renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.

For Debian 8 Jessie, these problems have been fixed in version 2.72.b+dfsg0-3+deb8u1.

We recommend that you upgrade your blender packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: