Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 14.04 ESM USN-4888-2: Critical Ldb Remote Attacks Fixed

ubuntu
Calendar Grey March 25, 2021
Dist Ubuntu Esm H88
A series of ldb security flaws have been resolved in Ubuntu 14.04 ESM, which could potentially enable remote threats that result in service instability.
Several security issues were fixed in ldb.

Summary

Several security issues were fixed in ldb.

Software Description:

- ldb: LDAP-like embedded database

Details:

USN-4888-1 fixed several vulnerabilities in ldb. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly

handled certain LDAP attributes. A remote attacker could possibly use this

issue to cause the LDAP server to crash, resulting in a denial of service.

(CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly

handled certain DN strings. A remote attacker could use this issue to

cause the LDAP server to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2020-27840)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libldb1                         1:1.1.24-0ubuntu0.14.04.2+esm1

After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4888-2

https://ubuntu.com/security/notices/USN-4888-1

CVE-2020-27840, CVE-2021-20277

Severity
critical
Lowest
Low
Medium
High
Critical

March 25, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.