[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 940-1] sane-backends security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sane-backends
Version        : 1.0.22-7.4+deb7u1
CVE ID         : CVE-2017-6318
Debian Bug     : #854804

It was discovered that there was an issue in sane-backends, an API library for
scanners. It allowed remote attackers to obtain sensitive memory information
via a crafted SANE_NET_CONTROL_OPTION packet.

For Debian 7 "Wheezy", this issue has been fixed in sane-backends version
1.0.22-7.4+deb7u1.

We recommend that you upgrade your sane-backends packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkWvGEACgkQHpU+J9Qx
HlgQGQ//WCBT8GtCERn+xPJnL++QE5eQHogqiBNzKzjKB3jqlq+ILeDvojZZDNtt
2J3d/i6Diwv7Ie5DPS1zM06OMFgWxrPR7yg1umrFVNzs4P39dSLGOqaORhZ6pmXU
UiYx6oLohvZhre/aRnnZ8OWdZHfkhAFShteEeGO6nNR3AbIoCvPH38npgTUD+uVd
7MFQ+oSpDfhdrf+Xtcu891qfhrysHcublx5UnO+b/GtvMf1srfmkO2ychzn3QKM5
eVbMsoD051eLR0NxUyjoI1fmQNsG7AJnQje9i91zMHpF10/alb+h3tE5cNhVjGvl
GIAtE1E0Ar9q2I9o9dnCnJz3mqqOV4Py3tUyJ4/D3L6mEf/QWVwQdgQj2PRiIbSR
pFEr4W+ez0EWYrOVqWBMIoUkumh5kT8GrdAyvRar5JGsOsc1X4mA24jtc+v0UfV2
MuoiWXqHVflDP296Y+3yx7MpguMabG+1/LcWzOcJHh+TZEv5eEDz1JipwOOj97gW
9d1bYANeVWvG319fhe82nMVRt3PK6HscFv4gtyIuLd0jUtbGhHIdN+ax43cjmB4Q
A8255ojhAX+HXiALXsCLz8cCy0QBosm6lWmP9dJYCFFGWf4GUOlbVUO3tvHy8y3u
N8Uf8PxDLDH4c9tfGTIStaSROFbOp99dfgVEceSHY/OlSfaZ93w=
=/mUx
-----END PGP SIGNATURE-----
Reply to: