openSUSE-SU-2020:1798-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1798-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2020:1798-1

Related

Published

2020-11-01T05:23:45Z

Modified

2020-11-01T05:23:45Z

Summary

Security update for sane-backends

Details

This update for sane-backends fixes the following issues:

sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560) and also fix various security issues:

CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)
CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)

The upstream changelogs can be found here:

https://gitlab.com/sane-project/backends/-/releases/1.0.28
https://gitlab.com/sane-project/backends/-/releases/1.0.29
https://gitlab.com/sane-project/backends/-/releases/1.0.30
https://gitlab.com/sane-project/backends/-/releases/1.0.31

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.2 / sane-backends

Package

Name: sane-backends
Purl: pkg:rpm/opensuse/sane-backends&distro=openSUSE%20Leap%2015.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.31-lp152.7.3.1

Ecosystem specific

{
    "binaries": [
        {
            "sane-backends-32bit": "1.0.31-lp152.7.3.1",
            "sane-backends": "1.0.31-lp152.7.3.1",
            "sane-backends-devel": "1.0.31-lp152.7.3.1",
            "sane-backends-devel-32bit": "1.0.31-lp152.7.3.1",
            "sane-backends-autoconfig": "1.0.31-lp152.7.3.1"
        }
    ]
}