UbuntuUpdates.org

Package "libldb2"

Name: libldb2

Description:

LDAP-like embedded database - shared library

Latest version: 2:2.4.4-0ubuntu0.20.04.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: ldb
Homepage: https://ldb.samba.org/

Links


Download "libldb2"


Other versions of "libldb2" in Focal

Repository Area Version
base main 2:2.0.8-2
security main 2:2.4.4-0ubuntu0.20.04.2

Changelog

Version: 2:2.4.4-0ubuntu0.20.04.2 2023-04-03 17:07:00 UTC

  ldb (2:2.4.4-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
    - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
      issue.
    - debian/libldb2.symbols: added new symbols.
    - CVE-2023-0614

 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 08:16:21 -0400

Source diff to previous version
CVE-2023-0614 Access controlled AD LDAP attributes can be discovered

Version: 2:2.4.4-0ubuntu0.20.04.1 2023-03-08 17:06:54 UTC

  ldb (2:2.4.4-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Update to 2.4.4 for samba security update
    - Removed patches included in new version:
      + Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
      + CVE-2021-3670.patch
      + CVE-2022-32745_6-06.patch
      + CVE-2022-32745_6-10.patch
      + CVE-2022-32745_6-11.patch
      + CVE-2022-32745_6-12.patch
      + CVE-2022-32745_6-13.patch
    - debian/*symbols*: added new symbols.
    - debian/control: bump tdb Build-Depends to 1.4.4, talloc to 2.3.3,
      and tevent to 0.11.0.

 -- Marc Deslauriers <email address hidden> Thu, 23 Feb 2023 10:29:16 -0500

Source diff to previous version
CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-32745 Samba AD users can crash the server process with an LDAP add or modify request

Version: 2:2.2.3-0ubuntu0.20.04.3 2022-08-01 15:06:26 UTC

  ldb (2:2.2.3-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
    - debian/patches/CVE-2021-3670.patch: Confirm the request has not yet
      timed out in ldb filter processing in ldb_key_value/ldb_kv.c,
      ldb_key_value/ldb_kv.h, ldb_key_value/ldb_kv_index.c,
      ldb_key_value/ldb_kv_search.c.
    - CVE-2021-3670
  * SECURITY UPDATE: use-after-free via LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-06.patch: Use LDB_FLAG_MOD_TYPE()
      for flags equality check in modules/rdn_name.c.
    - debian/patches/CVE-2022-32745_6-10.patch: Add flag to mark message
      element values as shared in common/ldb_msg.c, include/ldb_module.h.
    - debian/patches/CVE-2022-32745_6-11.patch: Ensure shallow copy
      modifications do not affect original message in common/ldb_msg.c,
      include/ldb.h.
    - debian/patches/CVE-2022-32745_6-12.patch: Add functions for appending
      to an ldb_message in common/ldb_msg.c, include/ldb.h.
    - debian/patches/CVE-2022-32745_6-13.patch: Make use of functions for
      appending to an ldb_message in ldb_map/ldb_map.c,
      ldb_map/ldb_map_inbound.c, modules/rdn_name.c.
    - CVE-2022-32746
  * debian/libldb2.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 07:57:54 -0400

Source diff to previous version
CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-32745 Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746 Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

Version: 2:2.2.3-0ubuntu0.20.04.2 2021-11-11 14:07:20 UTC

  ldb (2:2.2.3-0ubuntu0.20.04.2) focal-security; urgency=medium

  * Update to 2.2.3 for samba security update
    - Removed patches included in new version:
      + CVE-2020-27840-1.patch
      + CVE-2020-27840-2.patch
      + CVE-2021-20277-1.patch
      + CVE-2021-20277-2.patch
      + CVE-2021-20277-3.patch
      + CVE-2021-20277-4.patch
    - Updated patches from Impish package:
      + Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch
      + Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
      + Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch
    - debian/*symbols*: added new symbols.
    - debian/patches/Skip_failing_tests.diff: skip tests failing on 32-bit
      archs.
    - debian/control: bump tdb Build-Depends to 1.4.3, bump talloc
      Build-Depends to 2.3.1, bump tevent Build-Depends to 0.10.2.
    - CVE-2020-25718

 -- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:50:21 -0400

Source diff to previous version
CVE-2020-27840 Heap corruption via crafted DN strings
CVE-2021-20277 Out of bounds read in AD DC LDAP server
CVE-2020-25718 An RODC can issue (forge) administrator tickets to other servers

Version: 2:2.0.10-0ubuntu0.20.04.3 2021-03-24 20:07:13 UTC

  ldb (2:2.0.10-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Heap corruption via crafted DN strings
    - debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
      ldb_dn_explode in common/ldb_dn.c.
    - debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
      in tests/python/crash.py, wscript.
    - CVE-2020-27840
  * SECURITY UPDATE: Out of bounds read in AD DC LDAP server
    - debian/patches/CVE-2021-20277-1.patch: add tests for
      ldb_wildcard_compare in tests/ldb_match_test.c.
    - debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
      spaces in tests/ldb_match_test.c.
    - debian/patches/CVE-2021-20277-3.patch: remove tests from
      ldb_match_test that do not pass in tests/ldb_match_test.c.
    - debian/patches/CVE-2021-20277-4.patch: stay in bounds in
      common/attrib_handlers.c.
    - CVE-2021-20277

 -- Marc Deslauriers <email address hidden> Wed, 24 Mar 2021 08:01:45 -0400

CVE-2020-27840 Heap corruption via crafted DN strings
CVE-2021-20277 Out of bounds read in AD DC LDAP server



About   -   Send Feedback to @ubuntu_updates