Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-2902:01 Important: sane-backends security update

    Date
    144
    Posted By
    An update for sane-backends is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: sane-backends security update
    Advisory ID:       RHSA-2020:2902-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2902
    Issue date:        2020-07-14
    CVE Names:         CVE-2020-12861 CVE-2020-12865 
    =====================================================================
    
    1. Summary:
    
    An update for sane-backends is now available for Red Hat Enterprise Linux
    8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE
    application programming interface (API) provides standardized access to any
    raster image scanner hardware (for example, flatbed scanners, hand-held
    scanners, video and still cameras, and frame-grabbers).
    
    Security Fix(es):
    
    * sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
    (CVE-2020-12861)
    
    * sane-backends: Heap buffer overflow in esci2_img (CVE-2020-12865)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1850556 - CVE-2020-12861 sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c
    1850598 - CVE-2020-12865 sane-backends: Heap buffer overflow in esci2_img
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream (v. 8):
    
    Source:
    sane-backends-1.0.27-19.el8_2.1.src.rpm
    
    aarch64:
    sane-backends-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-daemon-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-daemon-debuginfo-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-debuginfo-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-debugsource-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-devel-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-drivers-cameras-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-drivers-scanners-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-libs-1.0.27-19.el8_2.1.aarch64.rpm
    sane-backends-libs-debuginfo-1.0.27-19.el8_2.1.aarch64.rpm
    
    noarch:
    sane-backends-doc-1.0.27-19.el8_2.1.noarch.rpm
    
    ppc64le:
    sane-backends-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-daemon-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-daemon-debuginfo-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-debuginfo-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-debugsource-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-devel-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-drivers-cameras-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-drivers-scanners-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-libs-1.0.27-19.el8_2.1.ppc64le.rpm
    sane-backends-libs-debuginfo-1.0.27-19.el8_2.1.ppc64le.rpm
    
    s390x:
    sane-backends-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-daemon-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-daemon-debuginfo-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-debuginfo-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-debugsource-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-devel-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-drivers-cameras-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-drivers-scanners-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-libs-1.0.27-19.el8_2.1.s390x.rpm
    sane-backends-libs-debuginfo-1.0.27-19.el8_2.1.s390x.rpm
    
    x86_64:
    sane-backends-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-daemon-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-daemon-debuginfo-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-daemon-debuginfo-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-debuginfo-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-debuginfo-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-debugsource-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-debugsource-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-devel-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-devel-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-drivers-cameras-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-drivers-cameras-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-drivers-cameras-debuginfo-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-drivers-scanners-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-drivers-scanners-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-drivers-scanners-debuginfo-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-libs-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-libs-1.0.27-19.el8_2.1.x86_64.rpm
    sane-backends-libs-debuginfo-1.0.27-19.el8_2.1.i686.rpm
    sane-backends-libs-debuginfo-1.0.27-19.el8_2.1.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-12861
    https://access.redhat.com/security/cve/CVE-2020-12865
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXw13atzjgjWX9erEAQjUeg/+MK9aCUuuKJwRi0jcVAlviATPYaHosktq
    RO92DYA6tNMdWUT8QH8gNdF70SCay5N7IlNkmLGlBULDu5JAnK8NXcacVQcSX74v
    cEfGvNrz2Vj3wll61yKJrj5w4pxiGWPs/ismvb1N/eT/H8YAnmVhmQlNnTbeLXid
    X6VqslXacmU7MbIEfHJsLTAO7ET73pPTQuzVoRZklF+E9t6L4SA79hmZUajycrJz
    WBJR33iw/XAdILVSWqewZdAzW7gf3xpz+O8ffAHvjLA/mN9ZxWGwsulUQAQsYMmM
    JJiZmk/u5nCPXLoZUwvddzZpSqVXITBWMMRSzeR/zZCeOiwip9U+o4nNP5zw7Xmo
    H5o85jm3ONKGCzc8XZs9d8LFWgWaBVhK5p84HIGy5oxJPQMfczR/TFwFWnmoOnHT
    hiCF9nLBLuzeEg9sMmVK6+cnZyQOV0KUpNHtLsBorRn4eCTG2DQrPdEAeVNC/7Jw
    zYaMLJ4erFNkd6xG1SAUxQnc/XbFKEhs9GAkKwqOGJnCUWLAyBQ0UAVlXN8sos6L
    DGdmnslTeMArhXAZYdR7xQSvrCYZoBxRhHGauTWAQz37sM9Ol734I2L9bQEMa9c2
    EZ6613Qptq0RCS3sTJ+rHGKckVDLb++16NhZHX9vKPMWeoUVs7Sedvf2vdc5okc7
    XTxUqXcJWTU=
    =VmKW
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]