blender-3.0.1-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11859 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z blender-3.0.1-2.1 on GA media These are all security issues fixed in the blender-3.0.1-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11859 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11859 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0544/ SUSE CVE CVE-2022-0544 page https://www.suse.com/security/cve/CVE-2022-0545/ SUSE CVE CVE-2022-0545 page https://www.suse.com/security/cve/CVE-2022-0546/ SUSE CVE CVE-2022-0546 page openSUSE Tumbleweed blender-3.0.1-2.1 blender-cycles-devel-3.0.1-2.1 blender-demo-3.0.1-2.1 blender-lang-3.0.1-2.1 blender-3.0.1-2.1 as a component of openSUSE Tumbleweed blender-cycles-devel-3.0.1-2.1 as a component of openSUSE Tumbleweed blender-demo-3.0.1-2.1 as a component of openSUSE Tumbleweed blender-lang-3.0.1-2.1 as a component of openSUSE Tumbleweed An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. CVE-2022-0544 openSUSE Tumbleweed:blender-3.0.1-2.1 openSUSE Tumbleweed:blender-cycles-devel-3.0.1-2.1 openSUSE Tumbleweed:blender-demo-3.0.1-2.1 openSUSE Tumbleweed:blender-lang-3.0.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0544.html CVE-2022-0544 https://bugzilla.suse.com/1195740 SUSE Bug 1195740 An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. CVE-2022-0545 openSUSE Tumbleweed:blender-3.0.1-2.1 openSUSE Tumbleweed:blender-cycles-devel-3.0.1-2.1 openSUSE Tumbleweed:blender-demo-3.0.1-2.1 openSUSE Tumbleweed:blender-lang-3.0.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0545.html CVE-2022-0545 https://bugzilla.suse.com/1195739 SUSE Bug 1195739 A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. CVE-2022-0546 openSUSE Tumbleweed:blender-3.0.1-2.1 openSUSE Tumbleweed:blender-cycles-devel-3.0.1-2.1 openSUSE Tumbleweed:blender-demo-3.0.1-2.1 openSUSE Tumbleweed:blender-lang-3.0.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0546.html CVE-2022-0546 https://bugzilla.suse.com/1195738 SUSE Bug 1195738