Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:204 (blender)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61661

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:204 (blender)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to blender
announced via advisory MDVSA-2008:204.

Stefan Cornelius of Secunia Research reported a boundary error when
Blender processed RGBE images which could be used to execute arbitrary
code with the privileges of the user running Blender if a specially
crafted .hdr or .blend file were opened(CVE-2008-1102).

As well, multiple vulnerabilities involving insecure usage of temporary
files had also been reported (CVE-2008-1103).

The updated packages have been patched to prevent these issues.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:204

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-1102
BugTraq ID: 28870
http://www.securityfocus.com/bid/28870
Debian Security Information: DSA-1567 (Google Search)
http://www.debian.org/security/2008/dsa-1567
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.html
http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:204
http://secunia.com/secunia_research/2008-16/advisory/
http://secunia.com/advisories/29818
http://secunia.com/advisories/29957
http://secunia.com/advisories/30097
http://secunia.com/advisories/30151
http://secunia.com/advisories/30272
SuSE Security Announcement: SUSE-SR:2008:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
http://www.vupen.com/english/advisories/2008/1308/references
XForce ISS Database: blender-imbloadhdr-bo(41917)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41917
Common Vulnerability Exposure (CVE) ID: CVE-2008-1103
BugTraq ID: 28936
http://www.securityfocus.com/bid/28936
http://secunia.com/advisories/29842
XForce ISS Database: blender-file-unspecified(42153)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42153

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61661
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:204 (blender)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to blender announced via advisory MDVSA-2008:204. Stefan Cornelius of Secunia Research reported a boundary error when Blender processed RGBE images which could be used to execute arbitrary code with the privileges of the user running Blender if a specially crafted .hdr or .blend file were opened(CVE-2008-1102). As well, multiple vulnerabilities involving insecure usage of temporary files had also been reported (CVE-2008-1103). The updated packages have been patched to prevent these issues. Affected: 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:204 Risk factor : High CVSS Score: 6.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1102 BugTraq ID: 28870 http://www.securityfocus.com/bid/28870 Debian Security Information: DSA-1567 (Google Search) http://www.debian.org/security/2008/dsa-1567 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00225.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00237.html http://www.gentoo.org/security/en/glsa/glsa-200805-12.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:204 http://secunia.com/secunia_research/2008-16/advisory/ http://secunia.com/advisories/29818 http://secunia.com/advisories/29957 http://secunia.com/advisories/30097 http://secunia.com/advisories/30151 http://secunia.com/advisories/30272 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.vupen.com/english/advisories/2008/1308/references XForce ISS Database: blender-imbloadhdr-bo(41917) https://exchange.xforce.ibmcloud.com/vulnerabilities/41917 Common Vulnerability Exposure (CVE) ID: CVE-2008-1103 BugTraq ID: 28936 http://www.securityfocus.com/bid/28936 http://secunia.com/advisories/29842 XForce ISS Database: blender-file-unspecified(42153) https://exchange.xforce.ibmcloud.com/vulnerabilities/42153
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com