{"id":"MGASA-2018-0332","summary":"Updated blender packages fix security vulnerabilities","details":"Updated blender package fixes security vulnerabilities:\n\nMultiple vulnerabilities have been discovered in various parsers of Blender.\nMalformed .blend model files and malformed multimedia files (AVI, BMP, HDR,\nCIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code\n(CVE-2017-2899, CVE-2017-2900, CVE-2017-2901, CVE-2017-2902, CVE-2017-2903,\n CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2908,\n CVE-2017-2918, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, \n CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12102,\n CVE-2017-12103, CVE-2017-12104, CVE-2017-12105).\n\nThese issues are fixed by updating to the latest upstream 2.79b release,\nwhich brings many improvements, bug fixes and new features. See the\nreferenced changelog for details.\n\nAlso, the yafaray package has been updated to the latest version, 3.3.0, to\nmake it work with the new Blender addons path.\n","modified":"2026-04-16T06:24:22.572442168Z","published":"2018-08-10T14:37:39Z","upstream":["CVE-2017-12081","CVE-2017-12082","CVE-2017-12086","CVE-2017-12099","CVE-2017-12100","CVE-2017-12101","CVE-2017-12102","CVE-2017-12103","CVE-2017-12104","CVE-2017-12105","CVE-2017-2899","CVE-2017-2900","CVE-2017-2901","CVE-2017-2902","CVE-2017-2903","CVE-2017-2904","CVE-2017-2905","CVE-2017-2906","CVE-2017-2907","CVE-2017-2908","CVE-2017-2918"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0332.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23332"},{"type":"WEB","url":"https://www.blender.org/features/2-79/"},{"type":"WEB","url":"http://www.yafaray.org/node/817"},{"type":"WEB","url":"https://www.debian.org/security/2018/dsa-4248"}],"affected":[{"package":{"name":"blender","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/blender?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.79b-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0332.json"}},{"package":{"name":"yafaray","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/yafaray?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0332.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}