CVE-2021-20277: [SECURITY] [DLA 2611-1] ldb security update
A flaw was found in Samba’s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
- To: [email protected]
- Subject: [SECURITY] [DLA 2611-1] ldb security update
- From: Thorsten Alteholz <[email protected]>
- Date: Wed, 31 Mar 2021 09:22:43 +0000 (UTC)
- Message-id: <[email protected]>
- Mail-followup-to: [email protected]
- Reply-to: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Debian LTS Advisory DLA-2611-1                [email protected]
https://www.debian.org/lts/security/          Thorsten Alteholz
March 31, 2021                                https://wiki.debian.org/LTS

Package        : ldb
Version        : 2:1.1.27-1+deb9u2
CVE ID         : CVE-2020-27840 CVE-2021-20277
Two issues have been found in ldb, an LDAP-like embedded database used, for example, by Samba.
Both issues are out-of-bounds memory accesses, one an out-of-bounds read and the other a heap corruption, and both most likely lead to an application crash.
For Debian 9 stretch, these problems have been fixed in version 2:1.1.27-1+deb9u2.
We recommend that you upgrade your ldb packages.
For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS