Debian: DSA-4884-1: ldb security update
Debian: DSA-4884-1: ldb security update
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4884-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ldb CVE ID : CVE-2020-10730 CVE-2020-27840 CVE-2021-20277 Debian Bug : 985935 985936 Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling 'ASQ' and 'VLV' LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces. For the stable distribution (buster), these problems have been fixed in version 2:1.5.1+really1.4.6-3+deb10u1. We recommend that you upgrade your ldb packages. For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
