Описание
Security update for sane-backends
This update for sane-backends fixes the following issues:
- saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
sane-backends-1.0.24-3.1
sane-backends-32bit-1.0.24-3.1
sane-backends-autoconfig-1.0.24-3.1
SUSE Linux Enterprise Desktop 12 SP2
sane-backends-1.0.24-3.1
sane-backends-32bit-1.0.24-3.1
sane-backends-autoconfig-1.0.24-3.1
SUSE Linux Enterprise Server 12 SP1
sane-backends-1.0.24-3.1
SUSE Linux Enterprise Server 12 SP2
sane-backends-1.0.24-3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
sane-backends-1.0.24-3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
sane-backends-1.0.24-3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
sane-backends-1.0.24-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1
sane-backends-devel-1.0.24-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
sane-backends-devel-1.0.24-3.1
SUSE Linux Enterprise Workstation Extension 12 SP1
sane-backends-32bit-1.0.24-3.1
sane-backends-autoconfig-1.0.24-3.1
SUSE Linux Enterprise Workstation Extension 12 SP2
sane-backends-32bit-1.0.24-3.1
sane-backends-autoconfig-1.0.24-3.1
Ссылки
- Link for SUSE-SU-2017:0713-1
- E-Mail link for SUSE-SU-2017:0713-1
- SUSE Security Ratings
- SUSE Bug 1027197
- SUSE CVE CVE-2017-6318 page
Описание
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:sane-backends-1.0.24-3.1
SUSE Linux Enterprise Desktop 12 SP1:sane-backends-32bit-1.0.24-3.1
SUSE Linux Enterprise Desktop 12 SP1:sane-backends-autoconfig-1.0.24-3.1
SUSE Linux Enterprise Desktop 12 SP2:sane-backends-1.0.24-3.1
Ссылки
- CVE-2017-6318
- SUSE Bug 1027197