- ------------------------------------------------------------------------- Debian Security Advisory DSA-4884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ldb CVE ID : CVE-2020-10730 CVE-2020-27840 CVE-2021-20277 Debian Bug : 985935 985936 Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling 'ASQ' and 'VLV' LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces. For the stable distribution (buster), these problems have been fixed in version 2:1.5.1+really1.4.6-3+deb10u1. We recommend that you upgrade your ldb packages. For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-4884-1: ldb security update
April 2, 2021
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB
Summary
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling 'ASQ' and 'VLV' LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces. For the stable distribution (buster), these problems have been fixed in version 2:1.5.1+really1.4.6-3+deb10u1. We recommend that you upgrade your ldb packages. For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-4884-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2021 https://www.debian.org/security/faq
Severity
Package : ldb
CVE ID : CVE-2020-10730 CVE-2020-27840 CVE-2021-20277
Debian Bug : 985935 985936
News
HOWTOs
Features
Leveraging the “Power of the Crowd” to Fight Cybercrime with a Unique, Collaborative Intrusion Prevention System
All You Need To Know About IT Security Audits and Its Importance
Time is running out for CentOS 8
Uptycs Lead Engineer Shares Top Tips for Securing the Enterprise
Anatomy of a Linux Ransomware Attack
About Us
Powered By
