Description
Security update for sane-backends
This update for sane-backends fixes the following issues:
sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues:
- CVE-2020-12861, CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
- CVE-2020-12862, CVE-2020-12863, CVE-2020-12864: Fixed an out of bounds read (bsc#1172524)
- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)
The upstream changelogs can be found here:
- https://gitlab.com/sane-project/backends/-/releases/1.0.28
- https://gitlab.com/sane-project/backends/-/releases/1.0.29
- https://gitlab.com/sane-project/backends/-/releases/1.0.30
- https://gitlab.com/sane-project/backends/-/releases/1.0.31
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:1791-1
- SUSE Security Ratings
- SUSE Bug 1172524
- SUSE CVE CVE-2020-12861 page
- SUSE CVE CVE-2020-12862 page
- SUSE CVE CVE-2020-12863 page
- SUSE CVE CVE-2020-12864 page
- SUSE CVE CVE-2020-12865 page
- SUSE CVE CVE-2020-12866 page
- SUSE CVE CVE-2020-12867 page
Description
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
Affected products
References
- CVE-2020-12861
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
Affected products
References
- CVE-2020-12862
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
Affected products
References
- CVE-2020-12863
- SUSE Bug 1172524
Description
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
Affected products
References
- CVE-2020-12864
- SUSE Bug 1172524
Description
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
Affected products
References
- CVE-2020-12865
- SUSE Bug 1172524
Description
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-079.
Affected products
References
- CVE-2020-12866
- SUSE Bug 1172524
Description
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
Affected products
References
- CVE-2020-12867
- SUSE Bug 1172524