Debian Security Advisory
DLA-940-1 sane-backends -- LTS security update
- Date Reported:
- 13 May 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-6318.
- More information:
It was discovered that there was an issue in sane-backends, an API library for scanners. It allowed remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
For Debian 7
Wheezy, this issue has been fixed in sane-backends version 1.0.22-7.4+deb7u1.
We recommend that you upgrade your sane-backends packages.