Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4863 to the following vulnerability: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function. References: http://www.openwall.com/lists/oss-security/2008/10/27/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
Proposed patch that sanitizes sys.path before loading modules is attached in the Debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632#10
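An added illustration, not taken from the Debian patch or from this bug report: a Python sketch of why an empty `sys.path` entry exposes the current working directory to module lookup, and of one way to filter such entries before loading modules. The filter rule, the module name and the application path are assumptions constructed for the example.

```python
import os
import tempfile
from importlib.machinery import PathFinder

def sanitize_search_path(entries, cwd=None):
    """Return entries minus anything that resolves to the working directory.

    Drops '' (which the import system reads as "current directory"),
    relative entries such as '.', and absolute entries equal to cwd.
    This rule is an assumption of the example, not the patch's logic.
    """
    cwd = os.path.realpath(cwd or os.getcwd())
    kept = []
    for entry in entries:
        if not entry or not os.path.isabs(entry):
            continue  # '' and relative paths follow the process's cwd
        if os.path.realpath(entry) == cwd:
            continue
        kept.append(entry)
    return kept

def resolvable(name, entries):
    """True if the path-based finder would locate module `name` on `entries`."""
    return PathFinder.find_spec(name, list(entries)) is not None

def demo():
    """Constructed scenario: a stray module file sits in the working directory."""
    name = "constructed_demo_mod"  # hypothetical module name
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, name + ".py"), "w") as fh:
            fh.write("VALUE = 1\n")
        os.chdir(workdir)
        try:
            # Constructed search path: '' first, then a placeholder app directory.
            unsafe = ["", "/usr/lib/constructed-app/scripts"]
            safe = sanitize_search_path(unsafe)
            return resolvable(name, unsafe), resolvable(name, safe), safe
        finally:
            os.chdir(old_cwd)

if __name__ == "__main__":
    print(demo())
```

The module is only located, never imported, so the check can be run in any directory without executing the file it finds.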
blender-2.48a-4.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/blender-2.48a-4.fc9
blender-2.48a-4.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/blender-2.48a-4.fc8
blender-2.48a-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
blender-2.48a-4.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Could the EPEL 5 version be updated also? Its version is blender-2.45-13.el5. Much appreciated! [Sorry if this is not the appropriate place to request.]
Should be fixed in blender-2.45a-14.el5
When is blender-2.45a-14.el5 expected in EPEL? (don't mean to be a nag, just curious)
Sorry, it should be blender-2.45-14.el5. I have checked for existence of the package in the testing part of the EL-5 repository.
blender-2.48a-4.fc10 did not make it to F10 before freeze, so will need to be submitted as update via bodhi.
blender-2.48a-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/blender-2.48a-4.fc10
blender-2.48a-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F10/FEDORA-2008-10448 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9411 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9447