CVE-2021-20277: [SECURITY] [DLA 2611-1] ldb security update

A flaw was found in Samba’s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.


Debian LTS Advisory DLA-2611-1                [email protected]
https://www.debian.org/lts/security/                  Thorsten Alteholz
March 31, 2021                              https://wiki.debian.org/LTS


Package        : ldb
Version        : 2:1.1.27-1+deb9u2
CVE ID         : CVE-2020-27840 CVE-2021-20277

Two issues have been found in ldb, an LDAP-like embedded database used, for example, with Samba.

Both issues involve out-of-bounds access, either an out-of-bounds read or heap corruption, and both most likely lead to an application crash.

For Debian 9 stretch, these problems have been fixed in version 2:1.1.27-1+deb9u2.

We recommend that you upgrade your ldb packages.

For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

