Description
Security update for ldb
This update for ldb fixes the following issues:
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Package list
openSUSE Leap 15.2
ldb-tools-2.0.12-lp152.2.9.1
libldb-devel-2.0.12-lp152.2.9.1
libldb2-2.0.12-lp152.2.9.1
libldb2-32bit-2.0.12-lp152.2.9.1
python3-ldb-2.0.12-lp152.2.9.1
python3-ldb-32bit-2.0.12-lp152.2.9.1
python3-ldb-devel-2.0.12-lp152.2.9.1
References
- E-Mail link for openSUSE-SU-2021:0469-1
- SUSE Security Ratings
- SUSE Bug 1183572
- SUSE Bug 1183574
- SUSE CVE CVE-2020-27840 page
- SUSE CVE CVE-2021-20277 page
Description
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
Affected products
openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1
References
- CVE-2020-27840
- SUSE Bug 1183572
Description
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Affected products
openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1
openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1
References
- CVE-2021-20277
- SUSE Bug 1183574