Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends an empty string to sys.path. Versions earlier than 2.48a-r3 are affected.
d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7
Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths from which Python loads modules when a script uses import. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides a fix for that vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
9a26844c67c94caa224d0a62392f35e4642f54fb484c6efa85d144cc839b5606
Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths from which Python loads modules when a script uses import. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides a fix for that vulnerability.
1e99fa3a1f0f0ec04047779edd481b19ceb202904e32e8a38780b66885631ce7
Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.
5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2