[sane-devel] SANE Backends 1.0.30 security bug fix release
Olaf Meeuwissen
paddy-hack at member.fsf.org
Sun May 17 13:21:59 BST 2020
Hi all,
Kevin Backhouse of the [GitHub Security Lab team][1] has discovered
several issues in the epson2, epsonds and magicolor backends that could
be exploited by a malicious network device. All three backends are
enabled by default. Moreover, all enable automatic discovery of network
devices. The issues can be used to crash SANE frontends at start up or
when starting a scan as well as corrupt memory leading to a possibility
of remote code execution.
[1]: https://securitylab.github.com
This release fixes the issues for the epson2 and magicolor backends and
mitigates them for the epsonds backend.
We recommend that you upgrade to this release. The source tarball and
checksums can be found on the [releases page][2].
[2]: https://gitlab.com/sane-project/backends/-/releases
Please note that this page also mentions a "Source code" pull down menu
from which you can download the corresponding git repository. These
archives do *not* include generated files such as the configure script,
Makefile.in files and more.
A nicely formatted version of the release notes can be found at the
[releases page][2] as well. For your convenience, the "raw" Markdown is
included below.
### Backends
- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
management issues found while addressing that CVE
- `epsonds`: addresses out-of-bound memory access issues to fix
CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
and disables network autodiscovery to mitigate CVE-2020-12866
(GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
(GHSL-2020-081). Note that this backend does not support network
scanners to begin with.
- `magicolor`: fixes a floating point exception and uninitialized data
read
- fixes an overflow in `sanei_tcp_read()`
### Build
- fixes a build issue where linker flags would become link time
dependencies (#239)
In case you encounter any issues with this release, please contact the
[sane-devel mailing list][3] or [submit an issue][4].
[3]: mailto:sane-devel at alioth-lists.debian.net
[4]: https://gitlab.com/sane-project/backends/-/issues
Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
More information about the sane-devel
mailing list