blender: CVE-2008-1102 arbitrary code execution via crafted .blend file


Debian Bug report logs - #477808

Reported by: Nico Golde <nion@debian.org>

Date: Fri, 25 Apr 2008 12:09:02 UTC

Severity: grave

Tags: patch, security

Fixed in versions blender/2.45-5, 2.42a-7.1+etch4

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>:
Bug#477808; Package blender.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Date: Fri, 25 Apr 2008 14:06:11 +0200
Package: blender
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for blender.


CVE-2008-1102[0]:
| Stack-based buffer overflow in the imb_loadhdr function in Blender
| 2.45 allows user-assisted remote attackers to execute arbitrary code
| via a .blend file that contains a crafted Radiance RGBE image.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
    http://security-tracker.debian.net/tracker/CVE-2008-1102

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>:
Bug#477808; Package blender.


Acknowledgement sent to Tomas Hoger <thoger@redhat.com>:
Extra info received and forwarded to list. Copy sent to Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>.


Message #10 received at 477808@bugs.debian.org:

From: Tomas Hoger <thoger@redhat.com>
To: 477808@bugs.debian.org
Subject: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Date: Fri, 25 Apr 2008 15:21:22 +0200
Hi!

Upstream patch:

svn diff -r14431:14461
https://svn.blender.org/svnroot/bf-blender/trunk/blender/source/blender/imbuf/intern/radiance_hdr.c

http://cvs.fedoraproject.org/viewcvs/rpms/blender/devel/blender-2.45-cve-2008-1102.patch

HTH

-- 
Tomas Hoger




Tags added: patch Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Fri, 25 Apr 2008 14:12:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>:
Bug#477808; Package blender.


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Blender Maintainers <pkg-blender-maintainers@lists.alioth.debian.org>.


Message #17 received at 477808@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: Tomas Hoger <thoger@redhat.com>, 477808@bugs.debian.org
Cc: 477808-submitter@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#477808: blender: CVE-2008-1102 arbitrary code execution via crafted .blend file
Date: Fri, 25 Apr 2008 16:41:07 +0200
tag 477808 pending
thanks

On 25/04/2008, Tomas Hoger wrote:
> Hi!

Hi,

> Upstream patch:
> […]
> HTH

sure, many thanks!

Mraw,
KiBi.

Tags added: pending Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Fri, 25 Apr 2008 14:45:04 GMT)


Message sent on to Nico Golde <nion@debian.org>:
Bug#477808.


Reply sent to Cyril Brulebois <kibi@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #27 received at 477808-close@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: 477808-close@bugs.debian.org
Subject: Bug#477808: fixed in blender 2.45-5
Date: Fri, 25 Apr 2008 21:32:05 +0000
Source: blender
Source-Version: 2.45-5

We believe that the bug you reported is fixed in the latest version of
blender, which is due to be installed in the Debian FTP archive:

blender_2.45-5.diff.gz
  to pool/main/b/blender/blender_2.45-5.diff.gz
blender_2.45-5.dsc
  to pool/main/b/blender/blender_2.45-5.dsc
blender_2.45-5_i386.deb
  to pool/main/b/blender/blender_2.45-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 477808@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated blender package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 25 Apr 2008 22:50:31 +0200
Source: blender
Binary: blender
Architecture: source i386
Version: 2.45-5
Distribution: unstable
Urgency: high
Maintainer: Cyril Brulebois <kibi@debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description: 
 blender    - Very fast and versatile 3D modeller/renderer
Closes: 441216 463749 477761 477808
Changes: 
 blender (2.45-5) unstable; urgency=high
 .
   * debian/control:
      - Adjust Maintainer and Uploaders according to last years' activity.
      - Update my mail address. Many thanks to Florian Ernst who sponsored
        all my uploads.
   * Switch from python2.4 to python2.5 (Closes: #477761):
      - Replace python2.4-dev with python2.5-dev in Build-Depends.
      - Refresh the following patch to set BF_PYTHON_VERSION accordingly:
         - 50_debian_build_config.
   * Fix CVE-2008-1102: “Stack-based buffer overflow in the imb_loadhdr
     function allows user-assisted remote attackers to execute arbitrary
     code via a .blend file that contains a crafted Radiance RGBE image.”
     Add upstream patch as pointed to by Tomas Hoger <thoger@redhat.com>
     (thanks!), which basically adds a check on sscanf() return code and
     limits the size of accepted %s parameters (Closes: #477808):
      - 30_fix_CVE-2008-1102.
   * Bump urgency to “high” accordingly.
   * Disable the “-Wdeclaration-after-statement” C_WARN flag (which is only
     valid for C/ObjC but not for C++) in config/linux2-config.py, by
     updating the following patch:
      - 50_debian_build_config.
   * Use DEB_HOST_ARCH to determine whether the host architecture is
     big-endian so as to pass an extra “-D__BIG_ENDIAN__” flag to the
     compiler, thus fixing the buggy endianness detection (upstream lists
     every platform, but misses at least hppa, mips, and s390). Thanks to
     Stefan Gartner for the tip (Closes: #441216).
   * Make scons understand what is wanted from it:
      - Pass “-g” and “-O” options through CFLAGS.
      - Pass “-D” options through CPPFLAGS.
   * Add patch to make blender able to use the compatibility layer that
     scons is setting up for its Option->Variable transition, initiated in
     scons 0.98.2-1 (deprecation will follow, but Blender should be updated
     upstream in the meanwhile), thanks to Mark Brown (see #477912):
      - 40_workaround_scons_options_deprecation.
   * Switch from ttf-bitstream-vera to ttf-dejavu (Closes: #463749), thanks
     to Sven Arvidsson:
      - debian/control: Update Depends.
      - debian/rules: Update symlink.





Bug marked as fixed in version 2.42a-7.1+etch4, send any further explanations to Nico Golde <nion@debian.org> Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 05 May 2008 15:30:04 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jul 2008 07:26:02 GMT)
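
The 2.45-5 changelog above describes the fix as adding a check on the sscanf() return code and limiting the size of accepted %s parameters. The following is an added illustration of those two measures on a Radiance-style resolution line; it is not Blender's code or the upstream patch, and the function names, the 80-byte buffers, the MAX_DIM bound and the sample lines are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define ORI_LEN 80      /* orientation token buffer size (assumed for this example) */
#define MAX_DIM 65536   /* assumed sanity bound; not taken from the bug report */

struct hdr_res { char ori_y[ORI_LEN], ori_x[ORI_LEN]; int height, width; };

/* Unsafe shape, shown only as a comment:
 *     sscanf(line, "%s %d %s %d", ori_y, &height, ori_x, &width);
 * A bare %s copies a token of any length into the fixed stack buffer, and
 * ignoring the return value leaves height/width unset on short input. */

/* Hardened parse of a resolution line such as "-Y 512 +X 768".
 * Returns 0 on success, -1 when the line is malformed. */
int parse_resolution(const char *line, struct hdr_res *out)
{
    memset(out, 0, sizeof *out);
    /* %79s stores at most 79 bytes plus the NUL in an 80-byte buffer;
     * exactly 4 conversions must succeed. */
    if (sscanf(line, "%79s %d %79s %d",
               out->ori_y, &out->height, out->ori_x, &out->width) != 4)
        return -1;
    /* Extra check beyond what the changelog describes: reject absurd sizes. */
    if (out->height <= 0 || out->width <= 0 ||
        out->height > MAX_DIM || out->width > MAX_DIM)
        return -1;
    return 0;
}

/* Constructed input: first token is n bytes of 'A', then valid fields. */
int parse_with_token_len(size_t n)
{
    char line[1024];
    struct hdr_res r;
    if (n > sizeof line - 32) return -2;   /* keep the test line in bounds */
    memset(line, 'A', n);
    snprintf(line + n, sizeof line - n, " 512 +X 768");
    return parse_resolution(line, &r);
}

int main(void)
{
    struct hdr_res r;
    printf("valid line      -> %d\n", parse_resolution("-Y 512 +X 768", &r));
    printf("truncated line  -> %d\n", parse_resolution("-Y 512", &r));
    printf("200-byte token  -> %d\n", parse_with_token_len(200));
    return 0;
}
```

An over-long token is rejected rather than silently truncated: once %79s stops, the next %d conversion fails on the leftover bytes, so sscanf() returns fewer than 4.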




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:17:51 2019; Machine Name: buxtehude
