Bug 26712

Summary: sane new security issues CVE-2020-1286[1-7]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, lists.jjorge, nicolas.salguero, sysadmin-bugs, tarazed25
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: sane-1.0.28-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-06-01 21:02:17 CEST 
SANE 1.0.30 has been released on May 17, fixing several security issues:
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html

Debian-LTS has issued an advisory for one of these issues on May 31:
https://www.debian.org/lts/security/2020/dla-2231

Mageia 7 is also affected.
David Walser 2020-06-01 21:02:36 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 1.0.30

Comment 1 Lewis Smith 2020-06-05 20:39:18 CEST 
Assigning to Zezinho as the active maintainer.

Assignee: bugsquad => lists.jjorge

Comment 2 David Walser 2020-08-21 20:49:21 CEST 
Debian-LTS has issued an advisory for more of these issues on August 17:
https://www.debian.org/lts/security/2020/dla-2332
Comment 3 David Walser 2020-08-25 15:34:28 CEST 
Sane 1.0.31 has been released.  Hopefully someone can update it.

Assignee: lists.jjorge => pkg-bugs
CC: (none) => lists.jjorge

Comment 4 David Walser 2020-08-27 22:38:29 CEST 
Ubuntu has issued an advisory for this on August 24:
https://ubuntu.com/security/notices/USN-4470-1
Comment 5 David Walser 2020-08-28 17:06:02 CEST 
sane-1.0.31-1.mga8 uploaded for Cauldron by David Geiger.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => geiger.david68210

Comment 6 Nicolas Salguero 2020-09-03 11:20:56 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. (CVE-2020-12861)

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. (CVE-2020-12862)

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. (CVE-2020-12863)

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. (CVE-2020-12864)

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. (CVE-2020-12865)

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. (CVE-2020-12866)

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. (CVE-2020-12867)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
https://www.debian.org/lts/security/2020/dla-2231
https://www.debian.org/lts/security/2020/dla-2332
https://ubuntu.com/security/notices/USN-4470-1
========================

Updated packages in core/updates_testing:
========================
lib(64)sane1-1.0.28-1.1.mga7
lib(64)sane1-devel-1.0.28-1.1.mga7
sane-backends-1.0.28-1.1.mga7
sane-backends-iscan-1.0.28-1.1.mga7
sane-backends-doc-1.0.28-1.1.mga7
saned-1.0.28-1.1.mga7

from SRPM:
sane-1.0.28-1.1.mga7.src.rpm

Status comment: Fixed upstream in 1.0.30 => (none)
Source RPM: sane-1.0.28-2.mga8.src.rpm => sane-1.0.28-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

Comment 7 Len Lawrence 2020-09-03 16:48:22 CEST 
mga7, x86_64
Added any missing components before updating and checked xsane.  That was working fine.
Updated all the packages and also installed simple-scan.
Tried out xsane and simple-scan.  simple-scan located the HP Photosmart 5520 without any fuss.  Generated a PDF.  No problem viewing the image using xpdf.
An immediate problem with xsane while scanning for devices.  Had to crash out.  Removed the configuration files for the user in .sane/xsane/ and restarted.  That cleared the problem.  Detected the scanner device.  Changed to full colour mode, changed resolution and selected PNG output.  Saved file and exited.  The image looks fine.

CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK

David Walser 2020-09-03 17:02:06 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Aurelien Oudelet 2020-09-04 09:30:28 CEST

Keywords: (none) => advisory

Comment 8 Mageia Robot 2020-09-04 11:17:28 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0360.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED