Mandriva issued this advisory on July 18: http://lists.mandriva.com/security-announce/2011-07/msg00003.php
Are you sure of this one ? we have ffmpeg 0.6.3-2.1 and another bug is open for the security issue in ffmpeg
We are shipping the same version of blender, and there have been no updates to the package since May, and this advisory is from July. Although the description of the CVEs references ffmpeg, this advisory is for the blender package only. I'm guessing that blender uses an internal copy of ffmpeg (which is not uncommon). If our blender package has been made to use the system ffmpeg, then this is not an issue.
Ok thanks for the explanation. so assigned to the package maintainer.
Assignee: bugsquad => dmorganec
mplayer is possibly also affected (Bug 4001).
I added fixes for CVE-2009-4632 CVE-2009-4633 CVE-2009-4634 CVE-2009-4635 CVE-2009-4636 CVE-2009-4640 CVE-2010-3429 CVE-2010-4704 CVE-2011-0722 CVE-2011-0723 pushed in the BS
Assignee: dmorganec => qa-bugs
Installed blander from updates testing on my i586 system. Running "blender" from a konsole, starts the program, with the splash screen showing, but my system locks up. Mouse and keyboard are locked. Alt+ctrl+bs (twice) doesn't kill the x server. Alt+ctrl+sysrq, rseisub does not do anything. Had to use the reset button. No messages in any log files.
CC: (none) => davidwhodgins
On my x86_64 (with an intel video card) it seems working, no issue with the splash.
(In reply to comment #6) > Installed blander from updates testing on my i586 system. > > Running "blender" from a konsole, starts the program, with the splash > screen showing, but my system locks up. > > Mouse and keyboard are locked. Alt+ctrl+bs (twice) doesn't kill the x server. > > Alt+ctrl+sysrq, rseisub does not do anything. > > Had to use the reset button. No messages in any log files. Dave can you reproduce this? It runs fine for me on i586.
Advisory: ======================== Updated blender package fixes security vulnerabilities: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632) vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633) Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634) FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635) FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636) Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. (CVE-2009-4640) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) Fix heap corruption crashes (CVE-2011-0722) Fix invalid reads in VC-1 decoding (CVE-2011-0723) References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4635 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723 http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2011:114 ======================== Source RPM: blender-2.49b-10.1.mga1.src.rpm
(In reply to comment #8) > (In reply to comment #6) > > Installed blander from updates testing on my i586 system. > > > > Running "blender" from a konsole, starts the program, with the splash > > screen showing, but my system locks up. > > > > Mouse and keyboard are locked. Alt+ctrl+bs (twice) doesn't kill the x server. > > > > Alt+ctrl+sysrq, rseisub does not do anything. > > > > Had to use the reset button. No messages in any log files. > > Dave can you reproduce this? It runs fine for me on i586. Yes. Figured out though, that if I switch from the ati driver to vesa, in xorg.conf, it works ok. I'll retest with the Release version to see if this is a regression or not. My video card is Radeon 9200 SE.
(In reply to comment #10) > (In reply to comment #8) > > (In reply to comment #6) > > > Installed blander from updates testing on my i586 system. > > > > > > Running "blender" from a konsole, starts the program, with the splash > > > screen showing, but my system locks up. > > > > > > Mouse and keyboard are locked. Alt+ctrl+bs (twice) doesn't kill the x server. > > > > > > Alt+ctrl+sysrq, rseisub does not do anything. > > > > > > Had to use the reset button. No messages in any log files. > > > > Dave can you reproduce this? It runs fine for me on i586. > > Yes. Figured out though, that if I switch from the ati driver to vesa, > in xorg.conf, it works ok. I'll retest with the Release version to see > if this is a regression or not. My video card is Radeon 9200 SE. I have a machine with a Radeon 9250 SE (same chipset) with the ati driver on i586. I just tested the release and updates_testing versions of blender and did not have this problem or see any regressions. Maybe your machine has another problem. Does other 3D stuff work?
Created attachment 1360 [details] lspci -v output for the radeon card According to drak3d, the card does not support 3d desktop effects. The attached file shows the output of lspci -v for the card.
(In reply to comment #12) > Created attachment 1360 [details] > lspci -v output for the radeon card > > According to drak3d, the card does not support 3d desktop effects. The > attached file shows the output of lspci -v for the card. AFAIK 3D should be supported by this card, but that's a separate issue. Were you able to verify that this is not a regression caused by this package?
Just finished confirming this is not a regression. Once we have an x86-64 test, this update can be validated.
Manuel already covered x86_64. Validating now. Advisory in Comment 9. Could sysadmin please push from core/updates_testing to core/updates Thank you!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
update pushed
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED