Bug 46244 - sane-backends: Multiple issues (4.2)
sane-backends: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-3-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-07 15:48 CET by Philipp Hahn
Modified: 2018-05-08 14:57 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-02-07 15:48:19 CET
New Debian sane-backends 1.0.24-8+deb8u2 fixes:
This update addresses the following issue:
* CVE-2017-6318: fix memory corruption and information leakage.

CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server
Comment 1 Philipp Hahn univentionstaff 2018-02-07 15:56:32 CET
aa2f998e55 Bug #46244: sane-backends_1.0.24-8+deb8u2
Comment 2 Quality Assurance univentionstaff 2018-05-04 16:55:48 CEST
--- mirror/ftp/4.2/unmaintained/4.2-0/source/sane-backends_1.0.24-8+deb8u1.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/sane-backends_1.0.24-8+deb8u2.dsc
@@ -1,3 +1,10 @@
+1.0.24-8+deb8u2 [Wed, 19 Apr 2017 11:51:22 +0200] Jörg Frings-Fürst <debian@jff-webhosting.net>:
+
+  * CVE-2017-6318:
+    - New debian/patches/0500-CVE-2017-6318.patch
+      + cherry-picked from upstream to fix memory corruption and
+        information leakage (Closes: #854804).
+
 1.0.24-8+deb8u1 [Wed, 27 Jan 2016 07:48:32 +0100] Jörg Frings-Fürst <debian@jff-webhosting.net>:
 
   * Cherry-picked systemd handling from unstable (Closes: #791961):
Comment 3 Arvid Requate univentionstaff 2018-05-07 12:52:24 CEST
* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory Ok
Comment 4 Arvid Requate univentionstaff 2018-05-08 14:57:02 CEST
<http://errata.software-univention.de/ucs/4.2/398.html>