SANE Backends 1.0.30 security bug fix release

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SANE Backends 1.0.30 security bug fix release

Olaf Meeuwissen-4
Hi all,

Kevin Backhouse of the [GitHub Security Lab team][1] has discovered
several issues in the epson2, epsonds and magicolor backends that could
be exploited by a malicious network device.  All three backends are
enabled by default.  Moreover, all enable automatic discovery of network
devices.  The issues can be used to crash SANE frontends at start up or
when starting a scan as well as corrupt memory leading to a possibility
of remote code execution.

 [1]: https://securitylab.github.com

This release fixes the issues for the epson2 and magicolor backends and
mitigates them for the epsonds backend.

We recommend that you upgrade to this release.  The source tarball and
checksums can be found on the [releases page][2].

 [2]: https://gitlab.com/sane-project/backends/-/releases

Please note that this page also mentions a "Source code" pull down menu
from which you can download the corresponding git repository.  These
archives do *not* include generated files such as the configure script,
Makefile.in files and more.

A nicely formatted version of the release notes can be found at the
[releases page][2] as well.  For your convenience, the "raw" Markdown is
included below.

 ### Backends

 - `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
   management issues found while addressing that CVE
 - `epsonds`: addresses out-of-bound memory access issues to fix
   CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
   addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
   and disables network autodiscovery to mitigate CVE-2020-12866
   (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
   (GHSL-2020-081).  Note that this backend does not support network
   scanners to begin with.
 - `magicolor`: fixes a floating point exception and uninitialized data
   read
 - fixes an overflow in `sanei_tcp_read()`

 ### Build

 - fixes a build issue where linker flags would become link time
   dependencies (#239)

In case you encounter any issues with this release, please contact the
[sane-devel mailing list][3] or [submit an issue][4].

 [3]: mailto:[hidden email]
 [4]: https://gitlab.com/sane-project/backends/-/issues

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join

_______________________________________________
sane-announce mailing list
[hidden email]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/sane-announce