Security update for sane

Knowledgebase

(Last modified: 24OCT2003)


solutions Security update for sane SuSE Linux Maintenance Web (037b89db18ce7008d911efba35e6498a)

Applies to

Product(s): SuSE Linux Desktop 1.0

Package: sane
Release: 20031024
Obsoletes: none

Indications

Upgrade to fix some remotely exploitable bugs.

Problem description

This patch fixes the following security problems:
  • CAN-2003-0773: saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call.
  • CAN-2003-0774: saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
  • CAN-2003-0775: saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
  • CAN-2003-0776: saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
  • CAN-2003-0777: saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
  • CAN-2003-0778: saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
If you have "saned" running (you can check with "rcsaned status"), do an
rcsaned restart
after the upgrade.
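
Several of the problems above (CAN-2003-0775, CAN-2003-0776, CAN-2003-0777) come from using values read off a connection that may already have dropped. The following C code is an added example, not code from sane-backends or from this advisory; it shows the defensive pattern of checking for a short read, bounding the length before malloc, validating the procedure number before decoding parameters, and always NUL-terminating. The wire format (4-byte big-endian length followed by the bytes), the limits MAX_STRING and NUM_PROCS, and all function names are assumptions made for illustration.

```c
/* Added example, not saned's code. Assumed wire format: 4-byte big-endian
   length word followed by that many bytes. Limits and names are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>

#define MAX_STRING 4096u   /* assumed upper bound on any string argument */
#define NUM_PROCS  11u     /* assumed number of valid procedure codes */

/* Read exactly n bytes; return 0 on success, -1 on EOF or error. */
static int read_full(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r == 0) return -1;               /* peer dropped the connection */
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Read a 32-bit big-endian word; *out is written only on success. */
static int read_word(int fd, uint32_t *out)
{
    unsigned char b[4];
    if (read_full(fd, b, sizeof b) != 0) return -1;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    return 0;
}

/* Reject unknown procedure numbers before decoding any parameters. */
int read_proc(int fd, uint32_t *proc)
{
    if (read_word(fd, proc) != 0) return -1;
    return (*proc < NUM_PROCS) ? 0 : -1;
}

/* Read a string: the length is rejected on a short read or if it exceeds
   MAX_STRING before malloc runs; the result is NUL-terminated. Caller frees. */
char *read_string(int fd)
{
    uint32_t len;
    if (read_word(fd, &len) != 0 || len > MAX_STRING) return NULL;
    char *s = malloc((size_t)len + 1);
    if (s == NULL || read_full(fd, s, len) != 0) { free(s); return NULL; }
    s[len] = '\0';
    return s;
}
```

A NULL or -1 return means the caller should close the connection rather than continue decoding.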

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh sane.rpm
If you have "saned" running (you can check with "rcsaned status"), do an
rcsaned restart
after the upgrade.

Links to download packages

Download Source Packages

Download the source code of the patches for maintained products.

