Your message dated Sat, 22 Apr 2017 13:02:08 +0000
with message-id <e1d1ufw-000a8z...@fasolo.debian.org>
and subject line Bug#854804: fixed in sane-backends 1.0.24-8+deb8u2
has caused the Debian Bug report #854804,
regarding saned: CVE-2017-6318: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
854804: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854804
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sane-utils
Version: 1.0.25-3
Severity: grave
Tags: security upstream
Justification: user security hole

Dear Maintainer,

When saned receives a SANE_NET_CONTROL_OPTION packet with value_type ==
SANE_TYPE_STRING and value_size larger than the actual length of the
requested string, the response packet from the server contains a string
object as long as value_size in the request. The bytes following the
actual string appear to contain memory contents from the server.

It may be possible to trigger this bug with other packet types, but I
have not verified this.

I have previously filed a bug in the SANE bug tracker on Alioth
(#315576), but I received no response.


-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sane-utils depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.60
ii  init-system-helpers    1.47
ii  libavahi-client3       0.6.32-2
ii  libavahi-common3       0.6.32-2
ii  libc6                  2.24-9
ii  libieee1284-3          0.2.11-13
ii  libjpeg62-turbo        1:1.5.1-2
ii  libpng16-16            1.6.28-1
ii  libsane                1.0.25-3
ii  libsystemd0            232-6
ii  libusb-1.0-0           2:1.0.21-1
ii  lsb-base               9.20161125
ii  update-inetd           4.44

sane-utils recommends no packages.

Versions of packages sane-utils suggests:
ii  avahi-daemon  0.6.32-2
pn  unpaper       <none>

-- debconf information excluded

--- End Message ---
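The string-option path described in the report above, as an added example that is not part of the bug thread, of saned, or of the upstream patch the changelog references. It models the server side of SANE_NET_CONTROL_OPTION in simplified form: a handler that sizes the reply from the client's `value_size` and copies only the real string (the behaviour reported), beside a hardened handler that validates `value_type` and `value_size` against the option descriptor and zero-fills the reply buffer first. The type names, the `RESP_*` status codes, the option descriptor layout and the sample option ("Color", capacity 32 bytes) are all constructed for this example; the allocator stand-in pre-fills buffers with `'S'` so that stale bytes are visible without reading uninitialised memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the server side of SANE_NET_CONTROL_OPTION for a
 * string option. Names, layouts and status codes are assumptions made for
 * this example; none of this is saned's code or the upstream patch. */
enum { VALUE_TYPE_STRING = 3 };          /* stand-in for SANE_TYPE_STRING */
enum { RESP_OK = 0, RESP_EINVAL = 1 };   /* stand-in status codes */

typedef struct {
    uint32_t type;   /* value type of the option */
    uint32_t size;   /* capacity of the value in bytes, including the NUL */
    char    *value;  /* backing storage of `size` bytes */
} option_desc;

typedef struct {
    uint32_t value_type;   /* sent by the client */
    uint32_t value_size;   /* sent by the client: untrusted */
} control_option_req;

typedef struct {
    int      status;
    uint32_t value_size;   /* bytes in `data` */
    char    *data;         /* heap buffer; caller frees */
} control_option_resp;

/* Stand-in for a freshly allocated buffer: pre-filled with 'S' so that
 * stale contents are visible without reading uninitialised memory. */
static char *alloc_stale(size_t n)
{
    char *p = malloc(n ? n : 1);
    if (p) memset(p, 'S', n);
    return p;
}

/* Behaviour the report describes: the reply is sized from the client's
 * value_size, only the real string is copied, and the tail is left as is. */
int control_option_unchecked(const option_desc *opt, const control_option_req *req,
                             control_option_resp *out)
{
    out->value_size = 0;
    out->data = alloc_stale(req->value_size);
    if (!out->data) return out->status = RESP_EINVAL;
    size_t n = strlen(opt->value) + 1;
    memcpy(out->data, opt->value, n < req->value_size ? n : req->value_size);
    out->value_size = req->value_size;
    return out->status = RESP_OK;
}

/* Hardened handler: value_type and value_size are validated against the
 * option descriptor before a buffer is sized from them, and the buffer is
 * zeroed before the string is copied in, so no stale bytes reach the wire. */
int control_option_checked(const option_desc *opt, const control_option_req *req,
                           control_option_resp *out)
{
    out->data = NULL;
    out->value_size = 0;
    if (req->value_type != opt->type || req->value_size == 0 ||
        req->value_size > opt->size)
        return out->status = RESP_EINVAL;
    out->data = alloc_stale(req->value_size);
    if (!out->data) return out->status = RESP_EINVAL;
    memset(out->data, 0, req->value_size);
    strncpy(out->data, opt->value, req->value_size - 1); /* last byte stays NUL */
    out->value_size = req->value_size;
    return out->status = RESP_OK;
}

/* Non-zero bytes after the string's terminating NUL: the amount of content
 * beyond the string that the reply would carry to the client. */
size_t nonzero_tail_bytes(const control_option_resp *r)
{
    if (!r->data || r->value_size == 0) return 0;
    size_t i = 0, count = 0;
    while (i < r->value_size && r->data[i] != 0) i++;   /* bounded strlen */
    for (i = i + 1; i < r->value_size; i++)
        if (r->data[i] != 0) count++;
    return count;
}

/* Scenario on a constructed option: value "Color", capacity 32 bytes. */
static int run(int hardened, uint32_t value_size, size_t *tail)
{
    char storage[32] = "Color";
    option_desc opt = { VALUE_TYPE_STRING, sizeof storage, storage };
    control_option_req req = { VALUE_TYPE_STRING, value_size };
    control_option_resp resp;
    int st = hardened ? control_option_checked(&opt, &req, &resp)
                      : control_option_unchecked(&opt, &req, &resp);
    if (tail) *tail = nonzero_tail_bytes(&resp);
    free(resp.data);
    return st;
}

int status_for(int hardened, uint32_t value_size) { return run(hardened, value_size, NULL); }

size_t tail_bytes_for(int hardened, uint32_t value_size)
{
    size_t t = 0;
    run(hardened, value_size, &t);
    return t;
}
```

With a 64-byte `value_size` against the 32-byte option, the unchecked handler answers with 58 bytes of buffer contents after the string, which is the condition the report describes; the checked handler rejects that request outright and, for an in-range `value_size`, returns a reply whose tail is all zeros. The two checks worth keeping in mind when reviewing a fix are the comparison of the client-supplied size against the descriptor's declared capacity and the zero-fill before the copy; the second one matters even when the first is present, because any later length bug would otherwise expose memory again.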
--- Begin Message ---
Source: sane-backends
Source-Version: 1.0.24-8+deb8u2

We believe that the bug you reported is fixed in the latest version of
sane-backends, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jörg Frings-Fürst <deb...@jff-webhosting.net> (supplier of updated sane-backends package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 19 Apr 2017 11:51:22 +0200
Source: sane-backends
Binary: sane-utils libsane-common libsane libsane-dev libsane-dbg
Architecture: source amd64 all
Version: 1.0.24-8+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Jörg Frings-Fürst <deb...@jff-webhosting.net>
Changed-By: Jörg Frings-Fürst <deb...@jff-webhosting.net>
Description:
 libsane    - API library for scanners
 libsane-common - API library for scanners -- documentation and support files
 libsane-dbg - API development library for scanners [debug symbols]
 libsane-dev - API development library for scanners [development files]
 sane-utils - API library for scanners -- utilities
Closes: 854804
Changes:
 sane-backends (1.0.24-8+deb8u2) stable; urgency=medium
 .
   * CVE-2017-6318:
     - New debian/patches/0500-CVE-2017-6318.patch
       + cherry-picked from upstream to fix memory corruption and
         information leakage (Closes: #854804).
Checksums-Sha1:
 33053e795f952686e5028297281aa36b915ed6e7 2493 sane-backends_1.0.24-8+deb8u2.dsc
 1a5d4a2967c304baadae0888bc80f2f904a162dc 98460 sane-backends_1.0.24-8+deb8u2.debian.tar.xz
 f1a2cf35413f08e0e0687604a5c8a16d24b4ddb7 223022 sane-utils_1.0.24-8+deb8u2_amd64.deb
 7c915d97f2dda98fd70713096908a066321f3476 1000266 libsane-common_1.0.24-8+deb8u2_all.deb
 ee6dddce67f1cae4167460de8f65479aa74cac18 2038932 libsane_1.0.24-8+deb8u2_amd64.deb
 ea73697040b7a87b991f8218fc8c2bc31043ce73 2208572 libsane-dev_1.0.24-8+deb8u2_amd64.deb
 a4d24bbf50daf3569b25a2b1131f507167de167b 6097174 libsane-dbg_1.0.24-8+deb8u2_amd64.deb
Checksums-Sha256:
 7d29e428eb73cd5de75277099b1d859d9f4fb385694f6d3725cceef7cf92bf55 2493 sane-backends_1.0.24-8+deb8u2.dsc
 3b9fec44fc22c98d270351fe864db96f7a57609d83d93d814f1202dfc230c863 98460 sane-backends_1.0.24-8+deb8u2.debian.tar.xz
 1b6ee13341b376df9edc28f698b8cde7e6269b2848dc28d4bed71873edf587b1 223022 sane-utils_1.0.24-8+deb8u2_amd64.deb
 21930e99a0545c2bc4503ee98e3ba568b1ec954db93919eb4705379d1120d8da 1000266 libsane-common_1.0.24-8+deb8u2_all.deb
 175600336c37db4030f2e61f0743fc1f9ae542cfc883700fada210a9b18ffc92 2038932 libsane_1.0.24-8+deb8u2_amd64.deb
 484bacf3bb28845fc58aed5a53114af44b0e99cf2e5fcddac0d3a03ed179a513 2208572 libsane-dev_1.0.24-8+deb8u2_amd64.deb
 cace5d841a2bbd2f893daae5f5915c0410539357fb67b7b57febb1ba07026895 6097174 libsane-dbg_1.0.24-8+deb8u2_amd64.deb
Files:
 973e15cd6dbf31df84b43c5b2b4f671f 2493 graphics optional sane-backends_1.0.24-8+deb8u2.dsc
 c864348e6538443ecac3a7fc86e56f13 98460 graphics optional sane-backends_1.0.24-8+deb8u2.debian.tar.xz
 7e26630ab519cde672a48f1e4ff46b14 223022 graphics optional sane-utils_1.0.24-8+deb8u2_amd64.deb
 1852ab5d4d494d8373418ea9f4629ed6 1000266 libs optional libsane-common_1.0.24-8+deb8u2_all.deb
 c5bf45d107fd4a464d5bf0e3614dd17c 2038932 libs optional libsane_1.0.24-8+deb8u2_amd64.deb
 32b0fb91e09636334d09c6279b63c5c9 2208572 libdevel optional libsane-dev_1.0.24-8+deb8u2_amd64.deb
 212eab0c1e9a869cafcd5378c06a8c58 6097174 debug extra libsane-dbg_1.0.24-8+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---