Debian Long Term Support / LTS Security Information / 2018 / Security Information -- DLA-1465-1 blender

Debian Security Advisory

DLA-1465-1 blender -- LTS security update

Date Reported:

13 Aug 2018

Affected Packages:

blender

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908, CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12105.

More information:

Multiple vulnerabilities have been discovered in various parsers of Blender, a 3D modeller/ renderer. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code.

For Debian 8 Jessie, these problems have been fixed in version 2.72.b+dfsg0-3+deb8u1.

We recommend that you upgrade your blender packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS