Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-940-1 sane-backends

Debian Security Advisory

DLA-940-1 sane-backends -- LTS security update

Date Reported:

13 May 2017

Affected Packages:

sane-backends

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-6318.

More information:

It was discovered that there was an issue in sane-backends, an API library for scanners. It allowed remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

For Debian 7 Wheezy, this issue has been fixed in sane-backends version 1.0.22-7.4+deb7u1.

We recommend that you upgrade your sane-backends packages.