Description
Security update for sane-backends
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
  - sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
  - sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
  - The new escl backend cannot be provided for SLE12 because it requires additional software (avahi-client, libcurl, and libpoppler-glib-devel). In particular, the libcurl in SLE12 (via libcurl-devel-7.37.0) is likely too old, because building the escl backend against it fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
Package list
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2020:3125-1
- E-Mail link for SUSE-SU-2020:3125-1
- SUSE Security Ratings
- SUSE Bug 1172524
- SUSE CVE CVE-2017-6318 page
- SUSE CVE CVE-2020-12861 page
- SUSE CVE CVE-2020-12862 page
- SUSE CVE CVE-2020-12863 page
- SUSE CVE CVE-2020-12864 page
- SUSE CVE CVE-2020-12865 page
- SUSE CVE CVE-2020-12866 page
- SUSE CVE CVE-2020-12867 page
Description
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
Affected products
References
- CVE-2017-6318
- SUSE Bug 1027197
Description
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
Affected products
References
- CVE-2020-12861
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
Affected products
References
- CVE-2020-12862
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
Affected products
References
- CVE-2020-12863
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
Affected products
References
- CVE-2020-12864
- SUSE Bug 1172524
Description
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
Affected products
References
- CVE-2020-12865
- SUSE Bug 1172524
Description
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-079.
Affected products
References
- CVE-2020-12866
- SUSE Bug 1172524
Description
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
Affected products
References
- CVE-2020-12867
- SUSE Bug 1172524