Multiple vulnerabilities have been discovered in ldb, a LDAP-like
embedded database built on top of TDB.
Andrew Bartlett discovered a NULL pointer dereference and
use-after-free flaw when handling 'ASQ' and 'VLV' LDAP controls and
combinations with the LDAP paged_results feature.
Douglas Bagnall discovered a heap corruption flaw via crafted
Douglas Bagnall discovered an out-of-bounds read vulnerability in
handling LDAP attributes that contains multiple consecutive
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your ldb packages.
For the detailed security status of ldb please refer to its security
tracker page at:
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Debian Security Advisory DSA-4884-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
April 02, 2021 https://www.debian.org/security/faq