Описание
Security update for ldb
This update for ldb fixes the following issues:
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
Список пакетов
Image SLES15-SP2-Azure-Basic
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Azure-Standard
libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
libldb2-2.0.12-3.6.1
Image SLES15-SP2-CHOST-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-CHOST-BYOS-EC2
libldb2-2.0.12-3.6.1
Image SLES15-SP2-CHOST-BYOS-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-EC2-ECS-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-HPC-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-HPC-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-BYOS-Azure
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-BYOS-GCE
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-EC2-HVM
libldb2-2.0.12-3.6.1
Image SLES15-SP2-SAP-GCE
libldb2-2.0.12-3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
ldb-tools-2.0.12-3.6.1
libldb-devel-2.0.12-3.6.1
libldb2-2.0.12-3.6.1
libldb2-32bit-2.0.12-3.6.1
python3-ldb-2.0.12-3.6.1
python3-ldb-devel-2.0.12-3.6.1
Ссылки
- Link for SUSE-SU-2021:0945-1
- E-Mail link for SUSE-SU-2021:0945-1
- SUSE Security Ratings
- SUSE Bug 1183572
- SUSE Bug 1183574
- SUSE CVE CVE-2020-27840 page
- SUSE CVE CVE-2021-20277 page
Описание
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Image SLES15-SP2-Azure-Basic:libldb2-2.0.12-3.6.1
Image SLES15-SP2-Azure-Standard:libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-Azure:libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-EC2-HVM:libldb2-2.0.12-3.6.1
Ссылки
- CVE-2020-27840
- SUSE Bug 1183572
Описание
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Image SLES15-SP2-Azure-Basic:libldb2-2.0.12-3.6.1
Image SLES15-SP2-Azure-Standard:libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-Azure:libldb2-2.0.12-3.6.1
Image SLES15-SP2-BYOS-EC2-HVM:libldb2-2.0.12-3.6.1
Ссылки
- CVE-2021-20277
- SUSE Bug 1183574