Package name
sane
Date
2003-10-09
Advisory ID
MDKSA-2003:099
Affected versions
CS2.1 i586 , 9.0 i586 , CS2.1 x86_64

Problem description

Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first connection. As well, a connection that is dropped early can cause Denial of Service issues due to a number of differing factors. Finally, a lack of error checking can cause various other unfavourable actions. The provided packages have been patched to correct the issues. sane, as distributed in Mandrake Linux 9.1 and higher, have versions where the fixes were applied upstream.

Updated packages

CS2.1 i586

 2de5d3fdcefdbb4ac3e838ceefb8400c  corporate/2.1/RPMS/libsane1-1.0.9-3.3.90mdk.i586.rpm
835aadcbd8e68c75c8c9724dd76db8ca  corporate/2.1/RPMS/libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
4a51bd0457b350551384c2fd99df6386  corporate/2.1/RPMS/sane-backends-1.0.9-3.3.90mdk.i586.rpm
94003e813ce9ff8b85d58207bf4a7d0d  corporate/2.1/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

9.0 i586

 2de5d3fdcefdbb4ac3e838ceefb8400c  9.0/RPMS/libsane1-1.0.9-3.3.90mdk.i586.rpm
835aadcbd8e68c75c8c9724dd76db8ca  9.0/RPMS/libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
4a51bd0457b350551384c2fd99df6386  9.0/RPMS/sane-backends-1.0.9-3.3.90mdk.i586.rpm
94003e813ce9ff8b85d58207bf4a7d0d  9.0/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

CS2.1 x86_64

 d7b88780c7bca2bba5397a5015fbf3eb  x86_64/corporate/2.1/RPMS/libsane1-1.0.9-3.3.90mdk.x86_64.rpm
c5829ec4e65696faf8c61749bbd28019  x86_64/corporate/2.1/RPMS/libsane1-devel-1.0.9-3.3.90mdk.x86_64.rpm
0dabd1912470608718c302c69292565c  x86_64/corporate/2.1/RPMS/sane-backends-1.0.9-3.3.90mdk.x86_64.rpm
94003e813ce9ff8b85d58207bf4a7d0d  x86_64/corporate/2.1/SRPMS/sane-1.0.9-3.3.90mdk.src.rpm

References