SUSE-SU-2020:3065-1

Published: 28 Oct 2020
Source: suse-cvrf

Description

Security update for sane-backends

This update for sane-backends fixes the following issues:

sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues:

  • CVE-2020-12861, CVE-2020-12865: Fixed an out-of-bounds write (bsc#1172524)
  • CVE-2020-12862, CVE-2020-12863, CVE-2020-12864: Fixed an out-of-bounds read (bsc#1172524)
  • CVE-2020-12866, CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)

The upstream changelogs can be found here:

Package list

SUSE Linux Enterprise Module for Desktop Applications 15 SP1
sane-backends-1.0.31-6.3.2
sane-backends-autoconfig-1.0.31-6.3.2
sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
sane-backends-1.0.31-6.3.2
sane-backends-autoconfig-1.0.31-6.3.2
sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Package Hub 15 SP1
sane-backends-32bit-1.0.31-6.3.2
SUSE Linux Enterprise Module for Package Hub 15 SP2
sane-backends-32bit-1.0.31-6.3.2

Description

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-079.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References

Description

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2

References
Vulnerability SUSE-SU-2020:3065-1