Debian Security Advisory

DLA-940-1 sane-backends -- LTS security update

Date Reported:
13 May 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-6318.
More information:

It was discovered that there was an issue in sane-backends, an API library for scanners. It allowed remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

For Debian 7 Wheezy, this issue has been fixed in sane-backends version 1.0.22-7.4+deb7u1.

We recommend that you upgrade your sane-backends packages.