Package "libldb-dev"

Name:	libldb-dev
Description:	LDAP-like embedded database - development files
Latest version:	2:2.4.4-0ubuntu0.20.04.2
Release:	focal (20.04)
Level:	security
Repository:	main
Head package:	ldb
Homepage:	https://ldb.samba.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libldb-dev"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libldb-dev" in Focal

Repository	Area	Version
base	main	2:2.0.8-2
updates	main	2:2.4.4-0ubuntu0.20.04.2

Changelog

Version: 2:2.4.4-0ubuntu0.20.04.2 2023-04-03 15:06:53 UTC

ldb (2:2.4.4-0ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the issue. - debian/libldb2.symbols: added new symbols. - CVE-2023-0614 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 08:16:21 -0400

Source diff to previous version

CVE-2023-0614

Access controlled AD LDAP attributes can be discovered

Version: 2:2.4.4-0ubuntu0.20.04.1 2023-03-08 15:06:50 UTC

ldb (2:2.4.4-0ubuntu0.20.04.1) focal-security; urgency=medium * Update to 2.4.4 for samba security update - Removed patches included in new version: + Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch + CVE-2021-3670.patch + CVE-2022-32745_6-06.patch + CVE-2022-32745_6-10.patch + CVE-2022-32745_6-11.patch + CVE-2022-32745_6-12.patch + CVE-2022-32745_6-13.patch - debian/*symbols*: added new symbols. - debian/control: bump tdb Build-Depends to 1.4.4, talloc to 2.3.3, and tevent to 0.11.0. -- Marc Deslauriers <email address hidden> Thu, 23 Feb 2023 10:29:16 -0500

Source diff to previous version

CVE-2021-3670	MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-32745	Samba AD users can crash the server process with an LDAP add or modify request

Version: 2:2.2.3-0ubuntu0.20.04.3 2022-08-01 14:06:23 UTC

ldb (2:2.2.3-0ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP - debian/patches/CVE-2021-3670.patch: Confirm the request has not yet timed out in ldb filter processing in ldb_key_value/ldb_kv.c, ldb_key_value/ldb_kv.h, ldb_key_value/ldb_kv_index.c, ldb_key_value/ldb_kv_search.c. - CVE-2021-3670 * SECURITY UPDATE: use-after-free via LDAP add or modify request - debian/patches/CVE-2022-32745_6-06.patch: Use LDB_FLAG_MOD_TYPE() for flags equality check in modules/rdn_name.c. - debian/patches/CVE-2022-32745_6-10.patch: Add flag to mark message element values as shared in common/ldb_msg.c, include/ldb_module.h. - debian/patches/CVE-2022-32745_6-11.patch: Ensure shallow copy modifications do not affect original message in common/ldb_msg.c, include/ldb.h. - debian/patches/CVE-2022-32745_6-12.patch: Add functions for appending to an ldb_message in common/ldb_msg.c, include/ldb.h. - debian/patches/CVE-2022-32745_6-13.patch: Make use of functions for appending to an ldb_message in ldb_map/ldb_map.c, ldb_map/ldb_map_inbound.c, modules/rdn_name.c. - CVE-2022-32746 * debian/libldb2.symbols: added new symbols. -- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 07:57:54 -0400

Source diff to previous version

CVE-2021-3670	MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-32745	Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746	Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

Version: 2:2.2.3-0ubuntu0.20.04.2 2021-11-11 13:06:45 UTC

ldb (2:2.2.3-0ubuntu0.20.04.2) focal-security; urgency=medium * Update to 2.2.3 for samba security update - Removed patches included in new version: + CVE-2020-27840-1.patch + CVE-2020-27840-2.patch + CVE-2021-20277-1.patch + CVE-2021-20277-2.patch + CVE-2021-20277-3.patch + CVE-2021-20277-4.patch - Updated patches from Impish package: + Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch + Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch + Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch - debian/*symbols*: added new symbols. - debian/patches/Skip_failing_tests.diff: skip tests failing on 32-bit archs. - debian/control: bump tdb Build-Depends to 1.4.3, bump talloc Build-Depends to 2.3.1, bump tevent Build-Depends to 0.10.2. - CVE-2020-25718 -- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:50:21 -0400

Source diff to previous version

CVE-2020-27840	Heap corruption via crafted DN strings
CVE-2021-20277	Out of bounds read in AD DC LDAP server
CVE-2020-25718	An RODC can issue (forge) administrator tickets to other servers

Version: 2:2.0.10-0ubuntu0.20.04.3 2021-03-24 19:06:20 UTC

ldb (2:2.0.10-0ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: Heap corruption via crafted DN strings - debian/patches/CVE-2020-27840-1.patch: avoid head corruption in ldb_dn_explode in common/ldb_dn.c. - debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb in tests/python/crash.py, wscript. - CVE-2020-27840 * SECURITY UPDATE: Out of bounds read in AD DC LDAP server - debian/patches/CVE-2021-20277-1.patch: add tests for ldb_wildcard_compare in tests/ldb_match_test.c. - debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra spaces in tests/ldb_match_test.c. - debian/patches/CVE-2021-20277-3.patch: remove tests from ldb_match_test that do not pass in tests/ldb_match_test.c. - debian/patches/CVE-2021-20277-4.patch: stay in bounds in common/attrib_handlers.c. - CVE-2021-20277 -- Marc Deslauriers <email address hidden> Wed, 24 Mar 2021 08:01:45 -0400

CVE-2020-27840	Heap corruption via crafted DN strings
CVE-2021-20277	Out of bounds read in AD DC LDAP server

About - Send Feedback to @ubuntu_updates

Package "libldb-dev"

Links

Download "libldb-dev"

Other versions of "libldb-dev" in Focal

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates