Описание
Security update for ldb
This update for ldb fixes the following issues:
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
Список пакетов
Image SLES15-SP1-Azure-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-Azure-HPC-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-Azure
libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-EC2
libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-GCE
libldb1-1.4.6-3.8.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-EC2-HVM-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-GCE-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-Azure
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-Azure-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-EC2-HVM
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-GCE
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAP-GCE-BYOS
libldb1-1.4.6-3.8.1
Image SLES15-SP1-SAPCAL-Azure
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
Image SLES15-SP1-SAPCAL-GCE
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
SUSE Enterprise Storage 6
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Linux Enterprise Module for Python 2 15 SP2
libldb1-1.4.6-3.8.1
SUSE Linux Enterprise Server 15 SP1-BCL
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Linux Enterprise Server 15 SP1-LTSS
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Manager Proxy 4.0
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Manager Retail Branch Server 4.0
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
SUSE Manager Server 4.0
ldb-tools-1.4.6-3.8.1
libldb-devel-1.4.6-3.8.1
libldb1-1.4.6-3.8.1
libldb1-32bit-1.4.6-3.8.1
python-ldb-1.4.6-3.8.1
python-ldb-devel-1.4.6-3.8.1
python3-ldb-1.4.6-3.8.1
python3-ldb-devel-1.4.6-3.8.1
Ссылки
- Link for SUSE-SU-2021:0944-1
- E-Mail link for SUSE-SU-2021:0944-1
- SUSE Security Ratings
- SUSE Bug 1183572
- SUSE Bug 1183574
- SUSE CVE CVE-2020-27840 page
- SUSE CVE CVE-2021-20277 page
Описание
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Image SLES15-SP1-Azure-BYOS:libldb1-1.4.6-3.8.1
Image SLES15-SP1-Azure-HPC-BYOS:libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-Azure:libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-EC2:libldb1-1.4.6-3.8.1
Ссылки
- CVE-2020-27840
- SUSE Bug 1183572
Описание
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Image SLES15-SP1-Azure-BYOS:libldb1-1.4.6-3.8.1
Image SLES15-SP1-Azure-HPC-BYOS:libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-Azure:libldb1-1.4.6-3.8.1
Image SLES15-SP1-CHOST-BYOS-EC2:libldb1-1.4.6-3.8.1
Ссылки
- CVE-2021-20277
- SUSE Bug 1183574