An update for sane-backends is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1590 Final 1.0 1.0 2024-05-17 Initial 2024-05-17 2024-05-17 openEuler SA Tool V1.0 2024-05-17 sane-backends security update An update for sane-backends is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. Security Fix(es): An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.(CVE-2023-46047) Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.(CVE-2023-46052) An update for sane-backends is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low sane-backends https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1590 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-46047 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-46052 https://nvd.nist.gov/vuln/detail/CVE-2023-46047 https://nvd.nist.gov/vuln/detail/CVE-2023-46052 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 sane-backends-drivers-cameras-1.0.28-12.oe1.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe1.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe1.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe1.aarch64.rpm sane-backends-daemon-1.0.28-12.oe1.aarch64.rpm sane-backends-devel-1.0.28-12.oe1.aarch64.rpm sane-backends-libs-1.0.28-12.oe1.aarch64.rpm sane-backends-1.0.28-12.oe1.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-libs-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-daemon-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-devel-1.0.28-12.oe2003sp4.aarch64.rpm sane-backends-daemon-1.0.28-12.oe2203.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe2203.aarch64.rpm sane-backends-libs-1.0.28-12.oe2203.aarch64.rpm sane-backends-1.0.28-12.oe2203.aarch64.rpm sane-backends-devel-1.0.28-12.oe2203.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe2203.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-devel-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-daemon-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-libs-1.0.28-12.oe2203sp1.aarch64.rpm sane-backends-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-devel-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-libs-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-daemon-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp2.aarch64.rpm sane-backends-daemon-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-libs-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-devel-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp3.aarch64.rpm sane-backends-help-1.0.28-12.oe1.noarch.rpm sane-backends-help-1.0.28-12.oe2003sp4.noarch.rpm sane-backends-help-1.0.28-12.oe2203.noarch.rpm sane-backends-help-1.0.28-12.oe2203sp1.noarch.rpm sane-backends-help-1.0.28-12.oe2203sp2.noarch.rpm sane-backends-help-1.0.28-12.oe2203sp3.noarch.rpm sane-backends-1.0.28-12.oe1.src.rpm sane-backends-1.0.28-12.oe2003sp4.src.rpm sane-backends-1.0.28-12.oe2203.src.rpm sane-backends-1.0.28-12.oe2203sp1.src.rpm sane-backends-1.0.28-12.oe2203sp2.src.rpm sane-backends-1.0.28-12.oe2203sp3.src.rpm sane-backends-drivers-scanners-1.0.28-12.oe1.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe1.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe1.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe1.x86_64.rpm sane-backends-daemon-1.0.28-12.oe1.x86_64.rpm sane-backends-1.0.28-12.oe1.x86_64.rpm sane-backends-libs-1.0.28-12.oe1.x86_64.rpm sane-backends-devel-1.0.28-12.oe1.x86_64.rpm sane-backends-daemon-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-libs-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-devel-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe2003sp4.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe2203.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe2203.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203.x86_64.rpm sane-backends-devel-1.0.28-12.oe2203.x86_64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203.x86_64.rpm sane-backends-libs-1.0.28-12.oe2203.x86_64.rpm sane-backends-daemon-1.0.28-12.oe2203.x86_64.rpm sane-backends-1.0.28-12.oe2203.x86_64.rpm sane-backends-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-daemon-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-libs-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-devel-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp1.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-libs-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-devel-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-daemon-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-1.0.28-12.oe2203sp2.x86_64.rpm sane-backends-debugsource-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-drivers-scanners-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-libs-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-drivers-cameras-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-debuginfo-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-devel-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-1.0.28-12.oe2203sp3.x86_64.rpm sane-backends-daemon-1.0.28-12.oe2203sp3.x86_64.rpm An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. 2024-05-17 CVE-2023-46047 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L sane-backends security update 2024-05-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1590 Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. 2024-05-17 CVE-2023-46052 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 Low 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L sane-backends security update 2024-05-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1590