Univention Bugzilla – Bug 51831
sane-backends: Multiple issues (4.4)
Last modified: 2020-10-28 12:49:24 CET
New Debian sane-backends 1.0.25-4.1+deb9u1 fixes: This update addresses the following issues: * Out-of-bounds read in decode_binary (CVE-2020-12862) * Out-of-bounds read in esci2_check_header (CVE-2020-12863) * Heap buffer overflow in esci2_img (CVE-2020-12865) * NULL pointer dereference in sanei_epson_net_read function (CVE-2020-12867)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/sane-backends_1.0.25-4.1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/sane-backends_1.0.25-4.1+deb9u1.dsc @@ -1,3 +1,23 @@ +1.0.25-4.1+deb9u1 [Thu, 13 Aug 2020 18:59:57 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2020-12862: an out-of-bounds read in SANE Backends before 1.0.30 + may allow a malicious device connected to the same local network as + the victim to read important information, such as the ASLR offsets of + the program, aka GHSL-2020-082. + * CVE-2020-12863: an out-of-bounds read in SANE Backends before 1.0.30 + may allow a malicious device connected to the same local network as + the victim to read important information, such as the ASLR offsets of + the program, aka GHSL-2020-083. + * CVE-2020-12865: a heap buffer overflow in SANE Backends before 1.0.30 + may allow a malicious device connected to the same local network as + the victim to execute arbitrary code, aka GHSL-2020-084. + * CVE-2020-12867: a NULL pointer dereference in sanei_epson_net_read in + SANE Backends before 1.0.30 allows a malicious device connected to the + same local network as the victim to cause a denial of service, aka + GHSL-2020-075. + * Fix debian/tests/start-net. + 1.0.25-4.1 [Sun, 21 May 2017 10:04:48 +0200] Chris Lamb <lamby@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.4-5/#2252669493381846487>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts ignore failing purge test [4.4-5] 5c80272665 Bug #51831: sane-backends 1.0.25-4.1+deb9u1 doc/errata/staging/sane-backends.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x719>
There's a regression in sane-backens 1.0.25-4.1+deb9u1, where the package libsane-common lost many files. This is fixed by deb9u2.
Manually imported deb9u2. Manually created sane-backends.yaml.
--- mirror/ftp/4.4/unmaintained/4.4-6/source/sane-backends_1.0.25-4.1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/sane-backends_1.0.25-4.1+deb9u2.dsc @@ -1,3 +1,12 @@ +1.0.25-4.1+deb9u2 [Fri, 02 Oct 2020 14:05:45 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix missing files when building the arch-all package: move rules from + override_dh_install-arch and override_dh_auto_install-arch to + override_dh_install-indep and override_dh_auto_install-indep. + (backport from 1.0.27-1~experimental3). + * Remove libsane-dll.* consistently. + 1.0.25-4.1+deb9u1 [Thu, 13 Aug 2020 18:59:57 +0200] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://10.200.17.11/4.4-6/#2252669493385094062>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-6] 95b89df24b Bug #51831: sane-backends 1.0.25-4.1+deb9u2 doc/errata/staging/sane-backends.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x786>