UbuntuUpdates.org

Package "sane-backends"

Name: sane-backends

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • API library for scanners -- documentation and support files
  • API development library for scanners [development files]
  • API library for scanners
  • API library for scanners -- utilities
Latest version: 1.0.27-1~experimental3ubuntu2.3
Release: bionic (18.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "sane-backends" in Bionic

Repository Area Version
base main 1.0.27-1~experimental3ubuntu2
updates main 1.0.27-1~experimental3ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0.27-1~experimental3ubuntu2.3 2020-08-24 14:06:22 UTC

  sane-backends (1.0.27-1~experimental3ubuntu2.3) bionic-security; urgency=medium

  * SECURITY UPDATE: multiple issues in epsonds network discovery
    - debian/patches/CVE-2020-12861_12864_12866.patch: disable network
      autodiscovery in backend/epsonds.conf.in.
    - CVE-2020-12861
    - CVE-2020-12864
    - CVE-2020-12866
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12862.patch: do not read beyond the end of
      the token in backend/epsonds-cmd.c.
    - CVE-2020-12862
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12863.patch: read only up to seven hexdigits
      to determine payload size in backend/epsonds-cmd.c.
    - CVE-2020-12863
  * SECURITY UPDATE: heap buffer overflow in epsonds
    - debian/patches/CVE-2020-12865.patch: check for overflow when reading
      image data in backend/epsonds-cmd.c, backend/epsonds.c,
      backend/epsonds.h.
    - CVE-2020-12865
  * SECURITY UPDATE: NULL pointer dereference in epson2
    - debian/patches/CVE-2020-12867.patch: rewrite network I/O in
      backend/epson2_net.c, backend/epson2_net.h.
    - CVE-2020-12867

 -- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 11:02:07 -0400
CVE-2020-12861 A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrar
CVE-2020-12864 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important
CVE-2020-12866 A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a deni
CVE-2020-12862 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important
CVE-2020-12863 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important
CVE-2020-12865 A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbit
CVE-2020-12867 A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as th


About   -   Send Feedback to @ubuntu_updates