Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 7: MGASA-2020-0360 Moderate: SANE Buffer Overflow And DoS

mageia
Calendar Grey September 4, 2020
Dist Mageia Esm H88
Essential enhancements for Mageia SANE Backends tackle overflow vulnerabilities and denial-of-service problems. Ensure your security with the newest updates.
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080

Summary

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. (CVE-2020-12861)
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. (CVE-2020-12862)
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. (CVE-2020-12863)
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. (CVE-2020-12864)
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device c...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26712

- https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html

- https://lists.debian.org/debian-lts-announce/2020/05/msg00036.html

- https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html

- https://ubuntu.com/security/notices/USN-4470-1

- https://www.cve.org/CVERecord?id=CVE-2020-12861

- https://www.cve.org/CVERecord?id=CVE-2020-12862

- https://www.cve.org/CVERecord?id=CVE-2020-12863

- https://www.cve.org/CVERecord?id=CVE-2020-12864

- https://www.cve.org/CVERecord?id=CVE-2020-12865

- https://www.cve.org/CVERecord?id=CVE-2020-12866

- https://www.cve.org/CVERecord?id=CVE-2020-12867

Topics%20covered

Topics Covered

security advisory buffer overflow software update DoS network threat Mageia sane

Resolution

SRPMS

- 7/core/sane-1.0.28-1.1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 04 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0360.html
Type: security
CVE: CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867

Topics%20covered

Topics Covered

security advisory buffer overflow software update DoS network threat Mageia sane

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here