An update for sane-backends is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1074
Final
1.0
1.0
2021-03-05
Initial
2021-03-05
2021-03-05
openEuler SA Tool V1.0
2021-03-05
sane-backends security update
An update for sane-backends is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.
SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras.
Security Fix(es):
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.(CVE-2020-12865)
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.(CVE-2020-12862)
An update for sane-backends is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
sane-backends
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1074
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12865
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-12862
https://nvd.nist.gov/vuln/detail/CVE-2020-12865
https://nvd.nist.gov/vuln/detail/CVE-2020-12862
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
sane-backends-debugsource-1.0.28-10.oe1.aarch64.rpm
sane-backends-daemon-1.0.28-10.oe1.aarch64.rpm
sane-backends-libs-1.0.28-10.oe1.aarch64.rpm
sane-backends-1.0.28-10.oe1.aarch64.rpm
sane-backends-drivers-cameras-1.0.28-10.oe1.aarch64.rpm
sane-backends-drivers-scanners-1.0.28-10.oe1.aarch64.rpm
sane-backends-debuginfo-1.0.28-10.oe1.aarch64.rpm
sane-backends-devel-1.0.28-10.oe1.aarch64.rpm
sane-backends-debugsource-1.0.28-10.oe1.aarch64.rpm
sane-backends-daemon-1.0.28-10.oe1.aarch64.rpm
sane-backends-libs-1.0.28-10.oe1.aarch64.rpm
sane-backends-1.0.28-10.oe1.aarch64.rpm
sane-backends-drivers-cameras-1.0.28-10.oe1.aarch64.rpm
sane-backends-drivers-scanners-1.0.28-10.oe1.aarch64.rpm
sane-backends-debuginfo-1.0.28-10.oe1.aarch64.rpm
sane-backends-devel-1.0.28-10.oe1.aarch64.rpm
sane-backends-help-1.0.28-10.oe1.noarch.rpm
sane-backends-help-1.0.28-10.oe1.noarch.rpm
sane-backends-1.0.28-10.oe1.src.rpm
sane-backends-1.0.28-10.oe1.src.rpm
sane-backends-devel-1.0.28-10.oe1.x86_64.rpm
sane-backends-drivers-scanners-1.0.28-10.oe1.x86_64.rpm
sane-backends-libs-1.0.28-10.oe1.x86_64.rpm
sane-backends-debugsource-1.0.28-10.oe1.x86_64.rpm
sane-backends-daemon-1.0.28-10.oe1.x86_64.rpm
sane-backends-1.0.28-10.oe1.x86_64.rpm
sane-backends-debuginfo-1.0.28-10.oe1.x86_64.rpm
sane-backends-drivers-cameras-1.0.28-10.oe1.x86_64.rpm
sane-backends-devel-1.0.28-10.oe1.x86_64.rpm
sane-backends-drivers-scanners-1.0.28-10.oe1.x86_64.rpm
sane-backends-libs-1.0.28-10.oe1.x86_64.rpm
sane-backends-debugsource-1.0.28-10.oe1.x86_64.rpm
sane-backends-daemon-1.0.28-10.oe1.x86_64.rpm
sane-backends-1.0.28-10.oe1.x86_64.rpm
sane-backends-debuginfo-1.0.28-10.oe1.x86_64.rpm
sane-backends-drivers-cameras-1.0.28-10.oe1.x86_64.rpm
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
2021-03-05
CVE-2020-12865
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
High
8.0
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sane-backends security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1074
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
2021-03-05
CVE-2020-12862
openEuler-20.03-LTS
openEuler-20.03-LTS-SP1
Medium
4.3
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sane-backends security update
2021-03-05
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1074