Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-12862 (GCVE-0-2020-12862)
Vulnerability from cvelistv5 – Published: 2020-06-24 12:52 – Updated: 2024-08-04 12:11
VLAI?
EPSS
Summary
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2020-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"name": "USN-4470-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2332-2] sane-backends regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"name": "openSUSE-SU-2020:1791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"name": "openSUSE-SU-2020:1798",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-01T12:06:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"name": "USN-4470-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2332-2] sane-backends regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"name": "openSUSE-SU-2020:1791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"name": "openSUSE-SU-2020:1798",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
"refsource": "CONFIRM",
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"name": "USN-4470-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2332-2] sane-backends regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"name": "openSUSE-SU-2020:1791",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"name": "openSUSE-SU-2020:1798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12862",
"datePublished": "2020-06-24T12:52:54.000Z",
"dateReserved": "2020-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sane-project:sane_backends:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.30\", \"matchCriteriaId\": \"9A84A93A-50F4-4884-A345-C74DCD6616DF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"902B8056-9E37-443B-8905-8AA93E2447FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.\"}, {\"lang\": \"es\", \"value\": \"Una lectura fuera de l\\u00edmites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la v\\u00edctima leer informaci\\u00f3n importante, tales como las compensaciones ASLR del programa, tambi\\u00e9n se conoce como GHSL-2020-082\"}]",
"id": "CVE-2020-12862",
"lastModified": "2024-11-21T05:00:26.250",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-06-24T13:15:11.020",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2020-075-libsane\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4470-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2020-075-libsane\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4470-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-12862\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-24T13:15:11.020\",\"lastModified\":\"2024-11-21T05:00:26.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.\"},{\"lang\":\"es\",\"value\":\"Una lectura fuera de l\u00edmites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la v\u00edctima leer informaci\u00f3n importante, tales como las compensaciones ASLR del programa, tambi\u00e9n se conoce como GHSL-2020-082\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sane-project:sane_backends:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.30\",\"matchCriteriaId\":\"9A84A93A-50F4-4884-A345-C74DCD6616DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2020-075-libsane\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4470-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2020-075-libsane\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4470-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2020:1798-1
Vulnerability from csaf_opensuse - Published: 2020-11-01 05:23 - Updated: 2020-11-01 05:23Summary
Security update for sane-backends
Notes
Title of the patch
Security update for sane-backends
Description of the patch
This update for sane-backends fixes the following issues:
sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)
and also fix various security issues:
- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)
- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)
The upstream changelogs can be found here:
- https://gitlab.com/sane-project/backends/-/releases/1.0.28
- https://gitlab.com/sane-project/backends/-/releases/1.0.29
- https://gitlab.com/sane-project/backends/-/releases/1.0.30
- https://gitlab.com/sane-project/backends/-/releases/1.0.31
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-1798
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sane-backends",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sane-backends fixes the following issues:\n\nsane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)\nand also fix various security issues:\n\n- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)\n- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)\n- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)\n\nThe upstream changelogs can be found here:\n\n- https://gitlab.com/sane-project/backends/-/releases/1.0.28\n- https://gitlab.com/sane-project/backends/-/releases/1.0.29\n- https://gitlab.com/sane-project/backends/-/releases/1.0.30\n- https://gitlab.com/sane-project/backends/-/releases/1.0.31\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1798",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1798-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1798-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P7WMIMV37TSUISYMGUPUUTKOLGSMIONS/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1798-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P7WMIMV37TSUISYMGUPUUTKOLGSMIONS/"
},
{
"category": "self",
"summary": "SUSE Bug 1172524",
"url": "https://bugzilla.suse.com/1172524"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12861 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12862 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12863 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12864 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12865 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12866 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12867 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12867/"
}
],
"title": "Security update for sane-backends",
"tracking": {
"current_release_date": "2020-11-01T05:23:45Z",
"generator": {
"date": "2020-11-01T05:23:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1798-1",
"initial_release_date": "2020-11-01T05:23:45Z",
"revision_history": [
{
"date": "2020-11-01T05:23:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-lp152.7.3.1.i586",
"product": {
"name": "sane-backends-1.0.31-lp152.7.3.1.i586",
"product_id": "sane-backends-1.0.31-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"product": {
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"product_id": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"product": {
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"product_id": "sane-backends-devel-1.0.31-lp152.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-lp152.7.3.1.x86_64",
"product": {
"name": "sane-backends-1.0.31-lp152.7.3.1.x86_64",
"product_id": "sane-backends-1.0.31-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"product": {
"name": "sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"product_id": "sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"product_id": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"product": {
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"product_id": "sane-backends-devel-1.0.31-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64",
"product": {
"name": "sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64",
"product_id": "sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586"
},
"product_reference": "sane-backends-1.0.31-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586"
},
"product_reference": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586"
},
"product_reference": "sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64"
},
"product_reference": "sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
},
"product_reference": "sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12861"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12861",
"url": "https://www.suse.com/security/cve/CVE-2020-12861"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12861",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12861"
},
{
"cve": "CVE-2020-12862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12862"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12862",
"url": "https://www.suse.com/security/cve/CVE-2020-12862"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12862",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12862"
},
{
"cve": "CVE-2020-12863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12863"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12863",
"url": "https://www.suse.com/security/cve/CVE-2020-12863"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12863",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12863"
},
{
"cve": "CVE-2020-12864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12864"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12864",
"url": "https://www.suse.com/security/cve/CVE-2020-12864"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12864",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12864"
},
{
"cve": "CVE-2020-12865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12865"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12865",
"url": "https://www.suse.com/security/cve/CVE-2020-12865"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12865",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12865"
},
{
"cve": "CVE-2020-12866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12866"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12866",
"url": "https://www.suse.com/security/cve/CVE-2020-12866"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12866",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12866"
},
{
"cve": "CVE-2020-12867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12867"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12867",
"url": "https://www.suse.com/security/cve/CVE-2020-12867"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12867",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-32bit-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-autoconfig-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.i586",
"openSUSE Leap 15.2:sane-backends-devel-1.0.31-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:sane-backends-devel-32bit-1.0.31-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-01T05:23:45Z",
"details": "important"
}
],
"title": "CVE-2020-12867"
}
]
}
OPENSUSE-SU-2020:1791-1
Vulnerability from csaf_opensuse - Published: 2020-10-31 13:23 - Updated: 2020-10-31 13:23Summary
Security update for sane-backends
Notes
Title of the patch
Security update for sane-backends
Description of the patch
This update for sane-backends fixes the following issues:
sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)
and also fix various security issues:
- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)
- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)
The upstream changelogs can be found here:
- https://gitlab.com/sane-project/backends/-/releases/1.0.28
- https://gitlab.com/sane-project/backends/-/releases/1.0.29
- https://gitlab.com/sane-project/backends/-/releases/1.0.30
- https://gitlab.com/sane-project/backends/-/releases/1.0.31
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2020-1791
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sane-backends",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sane-backends fixes the following issues:\n\nsane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)\nand also fix various security issues:\n\n- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)\n- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)\n- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)\n\nThe upstream changelogs can be found here:\n\n- https://gitlab.com/sane-project/backends/-/releases/1.0.28\n- https://gitlab.com/sane-project/backends/-/releases/1.0.29\n- https://gitlab.com/sane-project/backends/-/releases/1.0.30\n- https://gitlab.com/sane-project/backends/-/releases/1.0.31\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1791",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1791-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1791-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3U4WY4I4GUOHWAMZSZJUGHR637TI46UN/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1791-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3U4WY4I4GUOHWAMZSZJUGHR637TI46UN/"
},
{
"category": "self",
"summary": "SUSE Bug 1172524",
"url": "https://bugzilla.suse.com/1172524"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12861 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12862 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12863 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12864 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12865 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12866 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12867 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12867/"
}
],
"title": "Security update for sane-backends",
"tracking": {
"current_release_date": "2020-10-31T13:23:03Z",
"generator": {
"date": "2020-10-31T13:23:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1791-1",
"initial_release_date": "2020-10-31T13:23:03Z",
"revision_history": [
{
"date": "2020-10-31T13:23:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-lp151.6.3.1.i586",
"product": {
"name": "sane-backends-1.0.31-lp151.6.3.1.i586",
"product_id": "sane-backends-1.0.31-lp151.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"product": {
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"product_id": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"product": {
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"product_id": "sane-backends-devel-1.0.31-lp151.6.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-lp151.6.3.1.x86_64",
"product": {
"name": "sane-backends-1.0.31-lp151.6.3.1.x86_64",
"product_id": "sane-backends-1.0.31-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"product": {
"name": "sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"product_id": "sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"product_id": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"product": {
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"product_id": "sane-backends-devel-1.0.31-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64",
"product": {
"name": "sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64",
"product_id": "sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586"
},
"product_reference": "sane-backends-1.0.31-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586"
},
"product_reference": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586"
},
"product_reference": "sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64"
},
"product_reference": "sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
},
"product_reference": "sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12861"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12861",
"url": "https://www.suse.com/security/cve/CVE-2020-12861"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12861",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12861"
},
{
"cve": "CVE-2020-12862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12862"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12862",
"url": "https://www.suse.com/security/cve/CVE-2020-12862"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12862",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12862"
},
{
"cve": "CVE-2020-12863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12863"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12863",
"url": "https://www.suse.com/security/cve/CVE-2020-12863"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12863",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12863"
},
{
"cve": "CVE-2020-12864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12864"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12864",
"url": "https://www.suse.com/security/cve/CVE-2020-12864"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12864",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12864"
},
{
"cve": "CVE-2020-12865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12865"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12865",
"url": "https://www.suse.com/security/cve/CVE-2020-12865"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12865",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12865"
},
{
"cve": "CVE-2020-12866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12866"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12866",
"url": "https://www.suse.com/security/cve/CVE-2020-12866"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12866",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12866"
},
{
"cve": "CVE-2020-12867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12867"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12867",
"url": "https://www.suse.com/security/cve/CVE-2020-12867"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12867",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-32bit-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-autoconfig-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.i586",
"openSUSE Leap 15.1:sane-backends-devel-1.0.31-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:sane-backends-devel-32bit-1.0.31-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-31T13:23:03Z",
"details": "important"
}
],
"title": "CVE-2020-12867"
}
]
}
OPENSUSE-SU-2024:11366-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libsane1-1.0.32-1.6 on GA media
Notes
Title of the patch
libsane1-1.0.32-1.6 on GA media
Description of the patch
These are all security issues fixed in the libsane1-1.0.32-1.6 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11366
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libsane1-1.0.32-1.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libsane1-1.0.32-1.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11366",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11366-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6318 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12861 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12862 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12865 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12866 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12867 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12867/"
}
],
"title": "libsane1-1.0.32-1.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11366-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsane1-1.0.32-1.6.aarch64",
"product": {
"name": "libsane1-1.0.32-1.6.aarch64",
"product_id": "libsane1-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "libsane1-32bit-1.0.32-1.6.aarch64",
"product": {
"name": "libsane1-32bit-1.0.32-1.6.aarch64",
"product_id": "libsane1-32bit-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-1.0.32-1.6.aarch64",
"product": {
"name": "sane-backends-1.0.32-1.6.aarch64",
"product_id": "sane-backends-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.32-1.6.aarch64",
"product": {
"name": "sane-backends-32bit-1.0.32-1.6.aarch64",
"product_id": "sane-backends-32bit-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.32-1.6.aarch64",
"product": {
"name": "sane-backends-autoconfig-1.0.32-1.6.aarch64",
"product_id": "sane-backends-autoconfig-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.32-1.6.aarch64",
"product": {
"name": "sane-backends-devel-1.0.32-1.6.aarch64",
"product_id": "sane-backends-devel-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"product": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"product_id": "sane-backends-devel-32bit-1.0.32-1.6.aarch64"
}
},
{
"category": "product_version",
"name": "sane-saned-1.0.32-1.6.aarch64",
"product": {
"name": "sane-saned-1.0.32-1.6.aarch64",
"product_id": "sane-saned-1.0.32-1.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsane1-1.0.32-1.6.ppc64le",
"product": {
"name": "libsane1-1.0.32-1.6.ppc64le",
"product_id": "libsane1-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "libsane1-32bit-1.0.32-1.6.ppc64le",
"product": {
"name": "libsane1-32bit-1.0.32-1.6.ppc64le",
"product_id": "libsane1-32bit-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-backends-1.0.32-1.6.ppc64le",
"product_id": "sane-backends-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-backends-32bit-1.0.32-1.6.ppc64le",
"product_id": "sane-backends-32bit-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"product_id": "sane-backends-autoconfig-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-backends-devel-1.0.32-1.6.ppc64le",
"product_id": "sane-backends-devel-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"product_id": "sane-backends-devel-32bit-1.0.32-1.6.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-saned-1.0.32-1.6.ppc64le",
"product": {
"name": "sane-saned-1.0.32-1.6.ppc64le",
"product_id": "sane-saned-1.0.32-1.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsane1-1.0.32-1.6.s390x",
"product": {
"name": "libsane1-1.0.32-1.6.s390x",
"product_id": "libsane1-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "libsane1-32bit-1.0.32-1.6.s390x",
"product": {
"name": "libsane1-32bit-1.0.32-1.6.s390x",
"product_id": "libsane1-32bit-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-1.0.32-1.6.s390x",
"product": {
"name": "sane-backends-1.0.32-1.6.s390x",
"product_id": "sane-backends-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.32-1.6.s390x",
"product": {
"name": "sane-backends-32bit-1.0.32-1.6.s390x",
"product_id": "sane-backends-32bit-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.32-1.6.s390x",
"product": {
"name": "sane-backends-autoconfig-1.0.32-1.6.s390x",
"product_id": "sane-backends-autoconfig-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.32-1.6.s390x",
"product": {
"name": "sane-backends-devel-1.0.32-1.6.s390x",
"product_id": "sane-backends-devel-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.32-1.6.s390x",
"product": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.s390x",
"product_id": "sane-backends-devel-32bit-1.0.32-1.6.s390x"
}
},
{
"category": "product_version",
"name": "sane-saned-1.0.32-1.6.s390x",
"product": {
"name": "sane-saned-1.0.32-1.6.s390x",
"product_id": "sane-saned-1.0.32-1.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsane1-1.0.32-1.6.x86_64",
"product": {
"name": "libsane1-1.0.32-1.6.x86_64",
"product_id": "libsane1-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "libsane1-32bit-1.0.32-1.6.x86_64",
"product": {
"name": "libsane1-32bit-1.0.32-1.6.x86_64",
"product_id": "libsane1-32bit-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-1.0.32-1.6.x86_64",
"product": {
"name": "sane-backends-1.0.32-1.6.x86_64",
"product_id": "sane-backends-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.32-1.6.x86_64",
"product": {
"name": "sane-backends-32bit-1.0.32-1.6.x86_64",
"product_id": "sane-backends-32bit-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.32-1.6.x86_64",
"product": {
"name": "sane-backends-autoconfig-1.0.32-1.6.x86_64",
"product_id": "sane-backends-autoconfig-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.32-1.6.x86_64",
"product": {
"name": "sane-backends-devel-1.0.32-1.6.x86_64",
"product_id": "sane-backends-devel-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"product": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"product_id": "sane-backends-devel-32bit-1.0.32-1.6.x86_64"
}
},
{
"category": "product_version",
"name": "sane-saned-1.0.32-1.6.x86_64",
"product": {
"name": "sane-saned-1.0.32-1.6.x86_64",
"product_id": "sane-saned-1.0.32-1.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64"
},
"product_reference": "libsane1-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le"
},
"product_reference": "libsane1-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x"
},
"product_reference": "libsane1-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64"
},
"product_reference": "libsane1-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-32bit-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64"
},
"product_reference": "libsane1-32bit-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-32bit-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le"
},
"product_reference": "libsane1-32bit-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-32bit-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x"
},
"product_reference": "libsane1-32bit-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsane1-32bit-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64"
},
"product_reference": "libsane1-32bit-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64"
},
"product_reference": "sane-backends-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-backends-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x"
},
"product_reference": "sane-backends-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64"
},
"product_reference": "sane-backends-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64"
},
"product_reference": "sane-backends-32bit-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-backends-32bit-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x"
},
"product_reference": "sane-backends-32bit-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64"
},
"product_reference": "sane-backends-autoconfig-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x"
},
"product_reference": "sane-backends-autoconfig-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64"
},
"product_reference": "sane-backends-devel-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-backends-devel-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x"
},
"product_reference": "sane-backends-devel-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64"
},
"product_reference": "sane-backends-devel-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64"
},
"product_reference": "sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x"
},
"product_reference": "sane-backends-devel-32bit-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-32bit-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64"
},
"product_reference": "sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-saned-1.0.32-1.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64"
},
"product_reference": "sane-saned-1.0.32-1.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-saned-1.0.32-1.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le"
},
"product_reference": "sane-saned-1.0.32-1.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-saned-1.0.32-1.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x"
},
"product_reference": "sane-saned-1.0.32-1.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-saned-1.0.32-1.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
},
"product_reference": "sane-saned-1.0.32-1.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6318"
}
],
"notes": [
{
"category": "general",
"text": "saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6318",
"url": "https://www.suse.com/security/cve/CVE-2017-6318"
},
{
"category": "external",
"summary": "SUSE Bug 1027197 for CVE-2017-6318",
"url": "https://bugzilla.suse.com/1027197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-6318"
},
{
"cve": "CVE-2020-12861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12861"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12861",
"url": "https://www.suse.com/security/cve/CVE-2020-12861"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12861",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12861"
},
{
"cve": "CVE-2020-12862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12862"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12862",
"url": "https://www.suse.com/security/cve/CVE-2020-12862"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12862",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12862"
},
{
"cve": "CVE-2020-12865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12865"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12865",
"url": "https://www.suse.com/security/cve/CVE-2020-12865"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12865",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12865"
},
{
"cve": "CVE-2020-12866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12866"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12866",
"url": "https://www.suse.com/security/cve/CVE-2020-12866"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12866",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12866"
},
{
"cve": "CVE-2020-12867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12867"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12867",
"url": "https://www.suse.com/security/cve/CVE-2020-12867"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12867",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:libsane1-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-autoconfig-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-backends-devel-32bit-1.0.32-1.6.x86_64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.aarch64",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.ppc64le",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.s390x",
"openSUSE Tumbleweed:sane-saned-1.0.32-1.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12867"
}
]
}
CVE-2020-12862
Vulnerability from fstec - Published: 22.05.2020
VLAI Severity ?
Title
Уязвимость интерфейса, который предоставляет доступ к устройствам сканирования растровых изображений SANE, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость интерфейса, который предоставляет доступ к устройствам сканирования растровых изображений SANE связана с чтением за допустимыми границами буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», David Mosberger-Tang and Andy Beck, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Sane, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), до 1.0.30 (Sane), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для Sane:
Использование рекомендаций производителя: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
Для Debian:
Использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2020-12862
Для Astra Linux:
Использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения sane-backends до версии 1.0.32-4
Для ОС ОН «Стрелец»:
Обновление программного обеспечения sane-backends до версии 1.0.32-4strelets1
Reference
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
https://nvd.nist.gov/vuln/detail/CVE-2020-12862
https://securitylab.github.com/advisories/GHSL-2020-075-libsane
https://security-tracker.debian.org/tracker/CVE-2020-12862
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-125
{
"CVSS 2.0": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, David Mosberger-Tang and Andy Beck, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u0434\u043e 1.0.30 (Sane), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Sane:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\n\n\u0414\u043b\u044f Debian:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2020-12862\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f sane-backends \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.32-4\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f sane-backends \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.32-4strelets1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.05.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03720",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-12862",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Sane, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u0442\u0440\u043e\u0432\u044b\u0445 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 SANE, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u0442\u0440\u043e\u0432\u044b\u0445 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0439 SANE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12862\nhttps://securitylab.github.com/advisories/GHSL-2020-075-libsane\nhttps://security-tracker.debian.org/tracker/CVE-2020-12862\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
CNVD-2020-41085
Vulnerability from cnvd - Published: 2020-07-17
VLAI Severity ?
Title
SANE Backends缓冲区溢出漏洞( CNVD-2020-41085)
Description
SANE Backends是一款用于调节软件与数字成像设备之间通信的应用程序编程接口(API)和通信协议。
SANE Backends 1.0.30之前版本中的‘decode_binary’函数存在缓冲区错误漏洞。远程攻击者可利用该漏洞读取重要信息,如程序的ASLR偏移量。
Severity
低
Patch Name
SANE Backends缓冲区溢出漏洞( CNVD-2020-41085)的补丁
Patch Description
SANE Backends是一款用于调节软件与数字成像设备之间通信的应用程序编程接口(API)和通信协议。
SANE Backends 1.0.30之前版本中的‘decode_binary’函数存在缓冲区错误漏洞。远程攻击者可利用该漏洞读取重要信息,如程序的ASLR偏移量。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: http://www.sane-project.org/
Reference
https://vigilance.fr/vulnerability/sane-seven-vulnerabilities-32295
Impacted products
| Name | SANE Backends SANE Backends <1.0.30 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-12862"
}
},
"description": "SANE Backends\u662f\u4e00\u6b3e\u7528\u4e8e\u8c03\u8282\u8f6f\u4ef6\u4e0e\u6570\u5b57\u6210\u50cf\u8bbe\u5907\u4e4b\u95f4\u901a\u4fe1\u7684\u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u548c\u901a\u4fe1\u534f\u8bae\u3002\n\nSANE Backends 1.0.30\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018decode_binary\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u91cd\u8981\u4fe1\u606f\uff0c\u5982\u7a0b\u5e8f\u7684ASLR\u504f\u79fb\u91cf\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.sane-project.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-41085",
"openTime": "2020-07-17",
"patchDescription": "SANE Backends\u662f\u4e00\u6b3e\u7528\u4e8e\u8c03\u8282\u8f6f\u4ef6\u4e0e\u6570\u5b57\u6210\u50cf\u8bbe\u5907\u4e4b\u95f4\u901a\u4fe1\u7684\u5e94\u7528\u7a0b\u5e8f\u7f16\u7a0b\u63a5\u53e3\uff08API\uff09\u548c\u901a\u4fe1\u534f\u8bae\u3002\r\n\r\nSANE Backends 1.0.30\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018decode_binary\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u91cd\u8981\u4fe1\u606f\uff0c\u5982\u7a0b\u5e8f\u7684ASLR\u504f\u79fb\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SANE Backends\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08\t CNVD-2020-41085\uff09\u7684\u8865\u4e01",
"products": {
"product": "SANE Backends SANE Backends \u003c1.0.30"
},
"referenceLink": "https://vigilance.fr/vulnerability/sane-seven-vulnerabilities-32295",
"serverity": "\u4f4e",
"submitTime": "2020-05-27",
"title": "SANE Backends\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08\t CNVD-2020-41085\uff09"
}
FKIE_CVE-2020-12862
Vulnerability from fkie_nvd - Published: 2020-06-24 13:15 - Updated: 2024-11-21 05:00
Severity ?
Summary
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sane-project | sane_backends | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sane-project:sane_backends:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A84A93A-50F4-4884-A345-C74DCD6616DF",
"versionEndExcluding": "1.0.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
},
{
"lang": "es",
"value": "Una lectura fuera de l\u00edmites en SANE Backends versiones anteriores a 1.0.30, puede permitir a un dispositivo malicioso conectado a la misma red local que la v\u00edctima leer informaci\u00f3n importante, tales como las compensaciones ASLR del programa, tambi\u00e9n se conoce como GHSL-2020-082"
}
],
"id": "CVE-2020-12862",
"lastModified": "2024-11-21T05:00:26.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-24T13:15:11.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4470-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-12862
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-12862",
"description": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"id": "GSD-2020-12862",
"references": [
"https://www.suse.com/security/cve/CVE-2020-12862.html",
"https://ubuntu.com/security/CVE-2020-12862",
"https://advisories.mageia.org/CVE-2020-12862.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-12862"
],
"details": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"id": "GSD-2020-12862",
"modified": "2023-12-13T01:21:49.374070Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
"refsource": "CONFIRM",
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
"refsource": "MISC",
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"name": "USN-4470-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2332-2] sane-backends regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"name": "openSUSE-SU-2020:1791",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"name": "openSUSE-SU-2020:1798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sane-project:sane_backends:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12862"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"name": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"name": "USN-4470-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4470-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2332-2] sane-backends regression update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"name": "openSUSE-SU-2020:1798",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
},
{
"name": "openSUSE-SU-2020:1791",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-11-08T03:32Z",
"publishedDate": "2020-06-24T13:15Z"
}
}
}
SUSE-SU-2020:3125-1
Vulnerability from csaf_suse - Published: 2020-11-03 09:15 - Updated: 2020-11-03 09:15Summary
Security update for sane-backends
Notes
Title of the patch
Security update for sane-backends
Description of the patch
This update for sane-backends fixes the following issues:
- sane-backends version upgrade to 1.0.31:
* sane-backends version upgrade to 1.0.30
fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,
CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,
CVE-2020-12866, CVE-2020-12867 (bsc#1172524)
* sane-backends version upgrade to 1.0.31
to further improve hardware enablement for scanner devices
(jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)
* The new escl backend cannot be provided for SLE12 because
it requires more additional software (avahi-client, libcurl,
and libpoppler-glib-devel) where in particular for libcurl
the one that is in SLE12 (via libcurl-devel-7.37.0) is likely
too old because with that building the escl backend fails with
'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH'
undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH'
Patchnames
HPE-Helion-OpenStack-8-2020-3125,SUSE-2020-3125,SUSE-OpenStack-Cloud-7-2020-3125,SUSE-OpenStack-Cloud-8-2020-3125,SUSE-OpenStack-Cloud-9-2020-3125,SUSE-OpenStack-Cloud-Crowbar-8-2020-3125,SUSE-OpenStack-Cloud-Crowbar-9-2020-3125,SUSE-SLE-SAP-12-SP2-2020-3125,SUSE-SLE-SAP-12-SP3-2020-3125,SUSE-SLE-SAP-12-SP4-2020-3125,SUSE-SLE-SDK-12-SP5-2020-3125,SUSE-SLE-SERVER-12-SP2-2020-3125,SUSE-SLE-SERVER-12-SP2-BCL-2020-3125,SUSE-SLE-SERVER-12-SP3-2020-3125,SUSE-SLE-SERVER-12-SP3-BCL-2020-3125,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3125,SUSE-SLE-SERVER-12-SP5-2020-3125,SUSE-SLE-WE-12-SP5-2020-3125,SUSE-Storage-5-2020-3125
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sane-backends",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sane-backends fixes the following issues:\n\n- sane-backends version upgrade to 1.0.31:\n * sane-backends version upgrade to 1.0.30\n fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862,\n CVE-2020-12863, CVE-2020-12864, CVE-2020-12865,\n CVE-2020-12866, CVE-2020-12867 (bsc#1172524)\n * sane-backends version upgrade to 1.0.31\n to further improve hardware enablement for scanner devices\n (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418)\n * The new escl backend cannot be provided for SLE12 because\n it requires more additional software (avahi-client, libcurl,\n and libpoppler-glib-devel) where in particular for libcurl\n the one that is in SLE12 (via libcurl-devel-7.37.0) is likely\n too old because with that building the escl backend fails with\n \u0027escl/escl.c:1267:34: error: \u0027CURLOPT_UNIX_SOCKET_PATH\u0027\n undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH\u0027\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-3125,SUSE-2020-3125,SUSE-OpenStack-Cloud-7-2020-3125,SUSE-OpenStack-Cloud-8-2020-3125,SUSE-OpenStack-Cloud-9-2020-3125,SUSE-OpenStack-Cloud-Crowbar-8-2020-3125,SUSE-OpenStack-Cloud-Crowbar-9-2020-3125,SUSE-SLE-SAP-12-SP2-2020-3125,SUSE-SLE-SAP-12-SP3-2020-3125,SUSE-SLE-SAP-12-SP4-2020-3125,SUSE-SLE-SDK-12-SP5-2020-3125,SUSE-SLE-SERVER-12-SP2-2020-3125,SUSE-SLE-SERVER-12-SP2-BCL-2020-3125,SUSE-SLE-SERVER-12-SP3-2020-3125,SUSE-SLE-SERVER-12-SP3-BCL-2020-3125,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3125,SUSE-SLE-SERVER-12-SP5-2020-3125,SUSE-SLE-WE-12-SP5-2020-3125,SUSE-Storage-5-2020-3125",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3125-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3125-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203125-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3125-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007683.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172524",
"url": "https://bugzilla.suse.com/1172524"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6318 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12861 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12862 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12863 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12864 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12865 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12866 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12867 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12867/"
}
],
"title": "Security update for sane-backends",
"tracking": {
"current_release_date": "2020-11-03T09:15:59Z",
"generator": {
"date": "2020-11-03T09:15:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3125-1",
"initial_release_date": "2020-11-03T09:15:59Z",
"revision_history": [
{
"date": "2020-11-03T09:15:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.aarch64",
"product": {
"name": "sane-backends-1.0.31-4.3.1.aarch64",
"product_id": "sane-backends-1.0.31-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.aarch64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.aarch64",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.aarch64",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.aarch64",
"product_id": "sane-backends-devel-1.0.31-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-64bit-1.0.31-4.3.1.aarch64_ilp32",
"product": {
"name": "sane-backends-64bit-1.0.31-4.3.1.aarch64_ilp32",
"product_id": "sane-backends-64bit-1.0.31-4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.i586",
"product": {
"name": "sane-backends-1.0.31-4.3.1.i586",
"product_id": "sane-backends-1.0.31-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.i586",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.i586",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.i586",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.i586",
"product_id": "sane-backends-devel-1.0.31-4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.ppc64le",
"product": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le",
"product_id": "sane-backends-1.0.31-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.ppc64le",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.ppc64le",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.ppc64le",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.ppc64le",
"product_id": "sane-backends-devel-1.0.31-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.s390",
"product": {
"name": "sane-backends-1.0.31-4.3.1.s390",
"product_id": "sane-backends-1.0.31-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.s390",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.s390",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.s390",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.s390",
"product_id": "sane-backends-devel-1.0.31-4.3.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.s390x",
"product": {
"name": "sane-backends-1.0.31-4.3.1.s390x",
"product_id": "sane-backends-1.0.31-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.31-4.3.1.s390x",
"product": {
"name": "sane-backends-32bit-1.0.31-4.3.1.s390x",
"product_id": "sane-backends-32bit-1.0.31-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.s390x",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.s390x",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.s390x",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.s390x",
"product_id": "sane-backends-devel-1.0.31-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-4.3.1.x86_64",
"product": {
"name": "sane-backends-1.0.31-4.3.1.x86_64",
"product_id": "sane-backends-1.0.31-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.31-4.3.1.x86_64",
"product": {
"name": "sane-backends-32bit-1.0.31-4.3.1.x86_64",
"product_id": "sane-backends-32bit-1.0.31-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"product_id": "sane-backends-autoconfig-1.0.31-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-4.3.1.x86_64",
"product": {
"name": "sane-backends-devel-1.0.31-4.3.1.x86_64",
"product_id": "sane-backends-devel-1.0.31-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-4.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-devel-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-devel-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-devel-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-devel-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le"
},
"product_reference": "sane-backends-1.0.31-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x"
},
"product_reference": "sane-backends-1.0.31-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-4.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-4.3.1.x86_64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64"
},
"product_reference": "sane-backends-1.0.31-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-6318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6318"
}
],
"notes": [
{
"category": "general",
"text": "saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6318",
"url": "https://www.suse.com/security/cve/CVE-2017-6318"
},
{
"category": "external",
"summary": "SUSE Bug 1027197 for CVE-2017-6318",
"url": "https://bugzilla.suse.com/1027197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "low"
}
],
"title": "CVE-2017-6318"
},
{
"cve": "CVE-2020-12861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12861"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12861",
"url": "https://www.suse.com/security/cve/CVE-2020-12861"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12861",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12861"
},
{
"cve": "CVE-2020-12862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12862"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12862",
"url": "https://www.suse.com/security/cve/CVE-2020-12862"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12862",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12862"
},
{
"cve": "CVE-2020-12863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12863"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12863",
"url": "https://www.suse.com/security/cve/CVE-2020-12863"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12863",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12863"
},
{
"cve": "CVE-2020-12864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12864"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12864",
"url": "https://www.suse.com/security/cve/CVE-2020-12864"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12864",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12864"
},
{
"cve": "CVE-2020-12865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12865"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12865",
"url": "https://www.suse.com/security/cve/CVE-2020-12865"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12865",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12865"
},
{
"cve": "CVE-2020-12866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12866"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12866",
"url": "https://www.suse.com/security/cve/CVE-2020-12866"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12866",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12866"
},
{
"cve": "CVE-2020-12867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12867"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12867",
"url": "https://www.suse.com/security/cve/CVE-2020-12867"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12867",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Enterprise Storage 5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:sane-backends-devel-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-32bit-1.0.31-4.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:sane-backends-autoconfig-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.s390x",
"SUSE OpenStack Cloud 7:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:sane-backends-1.0.31-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:sane-backends-1.0.31-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-03T09:15:59Z",
"details": "important"
}
],
"title": "CVE-2020-12867"
}
]
}
SUSE-SU-2020:3065-1
Vulnerability from csaf_suse - Published: 2020-10-28 08:38 - Updated: 2020-10-28 08:38Summary
Security update for sane-backends
Notes
Title of the patch
Security update for sane-backends
Description of the patch
This update for sane-backends fixes the following issues:
sane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)
and also fix various security issues:
- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)
- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)
- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)
The upstream changelogs can be found here:
- https://gitlab.com/sane-project/backends/-/releases/1.0.28
- https://gitlab.com/sane-project/backends/-/releases/1.0.29
- https://gitlab.com/sane-project/backends/-/releases/1.0.30
- https://gitlab.com/sane-project/backends/-/releases/1.0.31
Patchnames
SUSE-2020-3065,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3065,SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3065,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3065,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3065
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sane-backends",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sane-backends fixes the following issues:\n\nsane-backends was updated to 1.0.31 to further improve hardware enablement for scanner devices (jsc#ECO-2418 jsc#SLE-15561 jsc#SLE-15560)\nand also fix various security issues:\n\n- CVE-2020-12861,CVE-2020-12865: Fixed an out of bounds write (bsc#1172524)\n- CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,: Fixed an out of bounds read (bsc#1172524)\n- CVE-2020-12866,CVE-2020-12867: Fixed a null pointer dereference (bsc#1172524)\n\nThe upstream changelogs can be found here:\n\n- https://gitlab.com/sane-project/backends/-/releases/1.0.28\n- https://gitlab.com/sane-project/backends/-/releases/1.0.29\n- https://gitlab.com/sane-project/backends/-/releases/1.0.30\n- https://gitlab.com/sane-project/backends/-/releases/1.0.31\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3065,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3065,SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3065,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-3065,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3065",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3065-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3065-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203065-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3065-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-October/007652.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172524",
"url": "https://bugzilla.suse.com/1172524"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12861 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12862 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12863 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12864 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12865 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12866 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12867 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12867/"
}
],
"title": "Security update for sane-backends",
"tracking": {
"current_release_date": "2020-10-28T08:38:57Z",
"generator": {
"date": "2020-10-28T08:38:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3065-1",
"initial_release_date": "2020-10-28T08:38:57Z",
"revision_history": [
{
"date": "2020-10-28T08:38:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-6.3.2.aarch64",
"product": {
"name": "sane-backends-1.0.31-6.3.2.aarch64",
"product_id": "sane-backends-1.0.31-6.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"product_id": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-6.3.2.aarch64",
"product": {
"name": "sane-backends-devel-1.0.31-6.3.2.aarch64",
"product_id": "sane-backends-devel-1.0.31-6.3.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-64bit-1.0.31-6.3.2.aarch64_ilp32",
"product": {
"name": "sane-backends-64bit-1.0.31-6.3.2.aarch64_ilp32",
"product_id": "sane-backends-64bit-1.0.31-6.3.2.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-64bit-1.0.31-6.3.2.aarch64_ilp32",
"product": {
"name": "sane-backends-devel-64bit-1.0.31-6.3.2.aarch64_ilp32",
"product_id": "sane-backends-devel-64bit-1.0.31-6.3.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-6.3.2.i586",
"product": {
"name": "sane-backends-1.0.31-6.3.2.i586",
"product_id": "sane-backends-1.0.31-6.3.2.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-6.3.2.i586",
"product": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.i586",
"product_id": "sane-backends-autoconfig-1.0.31-6.3.2.i586"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-6.3.2.i586",
"product": {
"name": "sane-backends-devel-1.0.31-6.3.2.i586",
"product_id": "sane-backends-devel-1.0.31-6.3.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-6.3.2.ppc64le",
"product": {
"name": "sane-backends-1.0.31-6.3.2.ppc64le",
"product_id": "sane-backends-1.0.31-6.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"product": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"product_id": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-6.3.2.ppc64le",
"product": {
"name": "sane-backends-devel-1.0.31-6.3.2.ppc64le",
"product_id": "sane-backends-devel-1.0.31-6.3.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-6.3.2.s390x",
"product": {
"name": "sane-backends-1.0.31-6.3.2.s390x",
"product_id": "sane-backends-1.0.31-6.3.2.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"product": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"product_id": "sane-backends-autoconfig-1.0.31-6.3.2.s390x"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-6.3.2.s390x",
"product": {
"name": "sane-backends-devel-1.0.31-6.3.2.s390x",
"product_id": "sane-backends-devel-1.0.31-6.3.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sane-backends-1.0.31-6.3.2.x86_64",
"product": {
"name": "sane-backends-1.0.31-6.3.2.x86_64",
"product_id": "sane-backends-1.0.31-6.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-32bit-1.0.31-6.3.2.x86_64",
"product": {
"name": "sane-backends-32bit-1.0.31-6.3.2.x86_64",
"product_id": "sane-backends-32bit-1.0.31-6.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"product": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"product_id": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-1.0.31-6.3.2.x86_64",
"product": {
"name": "sane-backends-devel-1.0.31-6.3.2.x86_64",
"product_id": "sane-backends-devel-1.0.31-6.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "sane-backends-devel-32bit-1.0.31-6.3.2.x86_64",
"product": {
"name": "sane-backends-devel-32bit-1.0.31-6.3.2.x86_64",
"product_id": "sane-backends-devel-32bit-1.0.31-6.3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-devel-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-devel-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sane-backends-32bit-1.0.31-6.3.2.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
},
"product_reference": "sane-backends-32bit-1.0.31-6.3.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12861"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12861",
"url": "https://www.suse.com/security/cve/CVE-2020-12861"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12861",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12861"
},
{
"cve": "CVE-2020-12862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12862"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12862",
"url": "https://www.suse.com/security/cve/CVE-2020-12862"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12862",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12862"
},
{
"cve": "CVE-2020-12863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12863"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12863",
"url": "https://www.suse.com/security/cve/CVE-2020-12863"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12863",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12863"
},
{
"cve": "CVE-2020-12864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12864"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12864",
"url": "https://www.suse.com/security/cve/CVE-2020-12864"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12864",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12864"
},
{
"cve": "CVE-2020-12865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12865"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12865",
"url": "https://www.suse.com/security/cve/CVE-2020-12865"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12865",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12865"
},
{
"cve": "CVE-2020-12866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12866"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12866",
"url": "https://www.suse.com/security/cve/CVE-2020-12866"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12866",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12866"
},
{
"cve": "CVE-2020-12867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12867"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12867",
"url": "https://www.suse.com/security/cve/CVE-2020-12867"
},
{
"category": "external",
"summary": "SUSE Bug 1172524 for CVE-2020-12867",
"url": "https://bugzilla.suse.com/1172524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP1:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-autoconfig-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP2:sane-backends-devel-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP1:sane-backends-32bit-1.0.31-6.3.2.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP2:sane-backends-32bit-1.0.31-6.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-28T08:38:57Z",
"details": "important"
}
],
"title": "CVE-2020-12867"
}
]
}
GHSA-9CXX-XCJ5-Q2JX
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-11-08 12:00
VLAI?
Details
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2020-12862"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-24T13:15:00Z",
"severity": "LOW"
},
"details": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.",
"id": "GHSA-9cxx-xcj5-q2jx",
"modified": "2022-11-08T12:00:19Z",
"published": "2022-05-24T17:21:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12862"
},
{
"type": "WEB",
"url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4470-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…