Описание
Moderate: libldb security, bug fix, and enhancement update
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.
The following packages have been upgraded to a later upstream version: libldb (2.5.2). (BZ#2077490)
Security Fix(es):
- samba: AD users can induce a use-after-free in the server process with an LDAP add or modify request (CVE-2022-32746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 2077490
- Red Hat - 2108215
Связанные уязвимости
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
A flaw was found in the Samba AD LDAP server. The AD DC database audit ...