Security update for ldb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0469-1 Final 1 1 2021-03-25T08:10:39Z current 2021-03-25T08:10:39Z 2021-03-25T08:10:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ldb This update for ldb fixes the following issues: - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). This update was imported from the SUSE:SLE-15-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-469 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLNA72I7E6KKMIQOHXHYRPDYGMW5KH4K/ E-Mail link for openSUSE-SU-2021:0469-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183572 SUSE Bug 1183572 https://bugzilla.suse.com/1183574 SUSE Bug 1183574 https://www.suse.com/security/cve/CVE-2020-27840/ SUSE CVE CVE-2020-27840 page https://www.suse.com/security/cve/CVE-2021-20277/ SUSE CVE CVE-2021-20277 page openSUSE Leap 15.2 ldb-tools-2.0.12-lp152.2.9.1 libldb-devel-2.0.12-lp152.2.9.1 libldb2-2.0.12-lp152.2.9.1 libldb2-32bit-2.0.12-lp152.2.9.1 python3-ldb-2.0.12-lp152.2.9.1 python3-ldb-32bit-2.0.12-lp152.2.9.1 python3-ldb-devel-2.0.12-lp152.2.9.1 ldb-tools-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 libldb-devel-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 libldb2-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 libldb2-32bit-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 python3-ldb-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 python3-ldb-32bit-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 python3-ldb-devel-2.0.12-lp152.2.9.1 as a component of openSUSE Leap 15.2 A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. CVE-2020-27840 openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLNA72I7E6KKMIQOHXHYRPDYGMW5KH4K/ https://www.suse.com/security/cve/CVE-2020-27840.html CVE-2020-27840 https://bugzilla.suse.com/1183572 SUSE Bug 1183572 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. CVE-2021-20277 openSUSE Leap 15.2:ldb-tools-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb-devel-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb2-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:libldb2-32bit-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-32bit-2.0.12-lp152.2.9.1 openSUSE Leap 15.2:python3-ldb-devel-2.0.12-lp152.2.9.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QLNA72I7E6KKMIQOHXHYRPDYGMW5KH4K/ https://www.suse.com/security/cve/CVE-2021-20277.html CVE-2021-20277 https://bugzilla.suse.com/1183574 SUSE Bug 1183574