FEDORA-EPEL-2022-4a24f39c87 — security update for blender

stable

blender-2.68a-9.el7

FEDORA-EPEL-2022-4a24f39c87 created by music 11 months ago for Fedora EPEL 7

Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, fix CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2918.

Includes manual backports of the following upstream commits:

a6700362 “Memory: add MEM_malloc_arrayN() function to protect against overflow.”
d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.”
07aed40 “Fix buffer overflow vulernability in thumbnail file reading.”
e6df028 “Fix buffer overflow vulnerabilities in mesh code.”
e6df028 “Fix buffer overflow vulnerability in curve, font, particles code.”

This update has been submitted for testing by music.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

This update has been pushed to testing.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

blender-2.68a-9.el7

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

11 months ago

in testing

11 months ago

in stable

11 months ago

BZ#1571612 CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution [epel-7]

BZ#1610813 CVE-2017-2899 blender: Integer Overflow in imb_loadtiff [epel-7]

BZ#1610816 CVE-2017-2900 blender: Integer Overflow in IMB_ibImageFromMemory [epel-7]

BZ#1610819 CVE-2017-2901 blender: Integer Overflow in imb_loadiris [epel-7]

BZ#1610822 CVE-2017-2902 blender: Integer Overflow in DPX loading [epel-7]

BZ#1610824 CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory [epel-7]

BZ#1610827 CVE-2017-2904 blender: Integer Overflow in the RADIANCE loading functionality [epel-7]

BZ#1610829 CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality [epel-7]

BZ#1610832 CVE-2017-2906 blender: Integer Overflow in the animation playing functionality [epel-7]

BZ#1610834 CVE-2017-2907 blender: Integer Overflow in the animation playing functionality [epel-7]

BZ#1610836 CVE-2017-2908 blender: Integer Overflow in the thumbnail functionality [epel-7]

BZ#1610840 CVE-2017-12105 blender: Integer Overflow in the BKE_mesh_vertexCos_get function [epel-7]

BZ#1610843 CVE-2017-2918 blender: Integer Overflow in the Image loading functionality [epel-7]

BZ#1610846 CVE-2017-12104 blender: Integer Overflow when it draws a Particle object [epel-7]

BZ#1610848 CVE-2017-12103 blender: Integer Overflow when it converts text rendered as a font into a curve [epel-7]

BZ#1610851 CVE-2017-12102 blender: Integer Overflow when it converts converts curves to polygons [epel-7]

BZ#1610856 CVE-2017-12101 blender: Integer Overflow in the modifier_mdef_compact_influences functionality [epel-7]

BZ#1610858 CVE-2017-12100 blender: Integer Overflow in the multires_load_old_dm functionality [epel-7]

BZ#1610860 CVE-2017-12099 blender: Integer Overflow in the legacy Mesh attribute tface [epel-7]

BZ#1610862 CVE-2017-12082 blender: Integer Overflow in the CustomData Mesh loading functionality [epel-7]

BZ#1610865 CVE-2017-12081 blender: Integer Overflow in the upgrade of a legacy Mesh attribute [epel-7]

blender-2.68a-9.el7

Automated Test Results

ignored