Описание
Security update for ldb
This update for ldb fixes the following issues:
- CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
ldb-tools-1.4.6-lp151.2.3.1
libldb-devel-1.4.6-lp151.2.3.1
libldb1-1.4.6-lp151.2.3.1
libldb1-32bit-1.4.6-lp151.2.3.1
python-ldb-1.4.6-lp151.2.3.1
python-ldb-32bit-1.4.6-lp151.2.3.1
python-ldb-devel-1.4.6-lp151.2.3.1
python3-ldb-1.4.6-lp151.2.3.1
python3-ldb-32bit-1.4.6-lp151.2.3.1
python3-ldb-devel-1.4.6-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1121-1
- SUSE Security Ratings
- SUSE Bug 1173159
- SUSE CVE CVE-2020-10730 page
Описание
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.
Затронутые продукты
openSUSE Leap 15.1:ldb-tools-1.4.6-lp151.2.3.1
openSUSE Leap 15.1:libldb-devel-1.4.6-lp151.2.3.1
openSUSE Leap 15.1:libldb1-1.4.6-lp151.2.3.1
openSUSE Leap 15.1:libldb1-32bit-1.4.6-lp151.2.3.1
Ссылки
- CVE-2020-10730
- SUSE Bug 1173159