Headline
Ubuntu Security Notice USN-5992-1
Ubuntu Security Notice 5992-1 - Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information.
==========================================================================
Ubuntu Security Notice USN-5992-1
April 03, 2023

ldb vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

ldb could be made to expose sensitive information over the network.

Software Description:
- ldb: LDAP-like embedded database

Details:

Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libldb2 2:2.4.4-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  libldb2 2:2.4.4-0ubuntu0.20.04.2

After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5992-1
  CVE-2023-0614

Package Information:
  https://launchpad.net/ubuntu/+source/ldb/2:2.4.4-0ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/ldb/2:2.4.4-0ubuntu0.20.04.2
Related news
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Ubuntu Security Notice 5993-1 - Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. Andrew Bartlett discovered that the Samba AD DC admin tool incorrectly sent passwords in cleartext. A remote attacker could possibly use this issue to obtain sensitive information.