Advisories

Mandriva Advisories

Package name	sane
Date	October 9th, 2003
Advisory ID	MDKSA-2003:099
Affected versions	9.0, CS2.1
Synopsis	Updated sane packages fix remote vulnerabilities

Problem Description

Several vulnerabilities were discovered in the saned daemon, a part of
the sane package, which allows for a scanner to be used remotely. The
IP address of the remote host is only checked after the first
communication occurs, which causes the saned.conf restrictions to be
ignored for the first connection. As well, a connection that is
dropped early can cause Denial of Service issues due to a number of
differing factors. Finally, a lack of error checking can cause various
other unfavourable actions.

The provided packages have been patched to correct the issues. sane,
as distributed in Mandrake Linux 9.1 and higher, have versions where
the fixes were applied upstream.

Updated Packages

Mandrakelinux 9.0

 2de5d3fdcefdbb4ac3e838ceefb8400c  9.0/RPMS/libsane1-1.0.9-3.3.90mdk.i586.rpm
835aadcbd8e68c75c8c9724dd76db8ca  9.0/RPMS/libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
4a51bd0457b350551384c2fd99df6386  9.0/RPMS/sane-backends-1.0.9-3.3.90mdk.i586.rpm
94003e813ce9ff8b85d58207bf4a7d0d  9.0/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

Corporate Server 2.1

 2de5d3fdcefdbb4ac3e838ceefb8400c  corporate/2.1/RPMS/libsane1-1.0.9-3.3.90mdk.i586.rpm
835aadcbd8e68c75c8c9724dd76db8ca  corporate/2.1/RPMS/libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
4a51bd0457b350551384c2fd99df6386  corporate/2.1/RPMS/sane-backends-1.0.9-3.3.90mdk.i586.rpm
94003e813ce9ff8b85d58207bf4a7d0d  corporate/2.1/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

Corporate Server 2.1/X86_64

 d7b88780c7bca2bba5397a5015fbf3eb  x86_64/corporate/2.1/RPMS/libsane1-1.0.9-3.3.90mdk.x86_64.rpm
c5829ec4e65696faf8c61749bbd28019  x86_64/corporate/2.1/RPMS/libsane1-devel-1.0.9-3.3.90mdk.x86_64.rpm
0dabd1912470608718c302c69292565c  x86_64/corporate/2.1/RPMS/sane-backends-1.0.9-3.3.90mdk.x86_64.rpm
94003e813ce9ff8b85d58207bf4a7d0d  x86_64/corporate/2.1/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0778

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer