UbuntuUpdates.org

Package "libsane"

Name: libsane

Description:

API library for scanners

Latest version: 1.0.25+git20150528-1ubuntu2.16.04.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: sane-backends
Homepage: http://www.sane-project.org

Links


Download "libsane"


Other versions of "libsane" in Xenial

Repository Area Version
base main 1.0.25+git20150528-1ubuntu2
security main 1.0.25+git20150528-1ubuntu2.16.04.3

Changelog

Version: 1.0.25+git20150528-1ubuntu2.16.04.3 2020-08-24 19:06:17 UTC

  sane-backends (1.0.25+git20150528-1ubuntu2.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: memory disclosure via crafted SANE_NET_CONTROL_OPTION
    packet
    - debian/patches/CVE-2017-6318.patch: address memory corruption and
      information leakage in frontend/saned.c.
    - CVE-2017-6318
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12862.patch: do not read beyond the end of
      the token in backend/epsonds-cmd.c.
    - CVE-2020-12862
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12863.patch: read only up to seven hexdigits
      to determine payload size in backend/epsonds-cmd.c.
    - CVE-2020-12863
  * SECURITY UPDATE: heap buffer overflow in epsonds
    - debian/patches/CVE-2020-12865.patch: check for overflow when reading
      image data in backend/epsonds-cmd.c, backend/epsonds.c,
      backend/epsonds.h.
    - CVE-2020-12865
  * SECURITY UPDATE: NULL pointer dereference in epson2
    - debian/patches/CVE-2020-12867.patch: rewrite network I/O in
      backend/epson2_net.c, backend/epson2_net.h.
    - CVE-2020-12867

 -- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 11:15:11 -0400

Source diff to previous version
CVE-2017-6318 saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
CVE-2020-12862 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important
CVE-2020-12863 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important
CVE-2020-12865 A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbit
CVE-2020-12867 A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as th

Version: 1.0.25+git20150528-1ubuntu2.16.04.1 2017-04-27 17:06:59 UTC

  sane-backends (1.0.25+git20150528-1ubuntu2.16.04.1) xenial; urgency=medium

  * control: add breaks/replaces between libsane and libsane-common to
    fix earlier packaging mistake. LP: #1564778

 -- Rolf Leggewie <email address hidden> Thu, 09 Feb 2017 17:30:55 +0800

1564778 package libsane-common 1.0.25+git20150528-1ubuntu2 failed to install/upgrade: trying to overwrite '/etc/sane.d/hp.conf', which is also in package lib



About   -   Send Feedback to @ubuntu_updates