Package "ldb"
Name: |
ldb
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- LDAP-like embedded database - tools
|
Latest version: |
2:2.4.4-0ubuntu0.20.04.2 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "ldb" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
ldb (2:2.4.4-0ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
- debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
issue.
- debian/libldb2.symbols: added new symbols.
- CVE-2023-0614
-- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 08:16:21 -0400
|
Source diff to previous version |
CVE-2023-0614 |
Access controlled AD LDAP attributes can be discovered |
|
ldb (2:2.4.4-0ubuntu0.20.04.1) focal-security; urgency=medium
* Update to 2.4.4 for samba security update
- Removed patches included in new version:
+ Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
+ CVE-2021-3670.patch
+ CVE-2022-32745_6-06.patch
+ CVE-2022-32745_6-10.patch
+ CVE-2022-32745_6-11.patch
+ CVE-2022-32745_6-12.patch
+ CVE-2022-32745_6-13.patch
- debian/*symbols*: added new symbols.
- debian/control: bump tdb Build-Depends to 1.4.4, talloc to 2.3.3,
and tevent to 0.11.0.
-- Marc Deslauriers <email address hidden> Thu, 23 Feb 2023 10:29:16 -0500
|
Source diff to previous version |
CVE-2021-3670 |
MaxQueryDuration not honoured in Samba AD DC LDAP |
CVE-2022-32745 |
Samba AD users can crash the server process with an LDAP add or modify request |
|
ldb (2:2.2.3-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
- debian/patches/CVE-2021-3670.patch: Confirm the request has not yet
timed out in ldb filter processing in ldb_key_value/ldb_kv.c,
ldb_key_value/ldb_kv.h, ldb_key_value/ldb_kv_index.c,
ldb_key_value/ldb_kv_search.c.
- CVE-2021-3670
* SECURITY UPDATE: use-after-free via LDAP add or modify request
- debian/patches/CVE-2022-32745_6-06.patch: Use LDB_FLAG_MOD_TYPE()
for flags equality check in modules/rdn_name.c.
- debian/patches/CVE-2022-32745_6-10.patch: Add flag to mark message
element values as shared in common/ldb_msg.c, include/ldb_module.h.
- debian/patches/CVE-2022-32745_6-11.patch: Ensure shallow copy
modifications do not affect original message in common/ldb_msg.c,
include/ldb.h.
- debian/patches/CVE-2022-32745_6-12.patch: Add functions for appending
to an ldb_message in common/ldb_msg.c, include/ldb.h.
- debian/patches/CVE-2022-32745_6-13.patch: Make use of functions for
appending to an ldb_message in ldb_map/ldb_map.c,
ldb_map/ldb_map_inbound.c, modules/rdn_name.c.
- CVE-2022-32746
* debian/libldb2.symbols: added new symbols.
-- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 07:57:54 -0400
|
Source diff to previous version |
CVE-2021-3670 |
MaxQueryDuration not honoured in Samba AD DC LDAP |
CVE-2022-32745 |
Samba AD users can crash the server process with an LDAP add or modify request |
CVE-2022-32746 |
Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request |
|
ldb (2:2.2.3-0ubuntu0.20.04.2) focal-security; urgency=medium
* Update to 2.2.3 for samba security update
- Removed patches included in new version:
+ CVE-2020-27840-1.patch
+ CVE-2020-27840-2.patch
+ CVE-2021-20277-1.patch
+ CVE-2021-20277-2.patch
+ CVE-2021-20277-3.patch
+ CVE-2021-20277-4.patch
- Updated patches from Impish package:
+ Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch
+ Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
+ Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch
- debian/*symbols*: added new symbols.
- debian/patches/Skip_failing_tests.diff: skip tests failing on 32-bit
archs.
- debian/control: bump tdb Build-Depends to 1.4.3, bump talloc
Build-Depends to 2.3.1, bump tevent Build-Depends to 0.10.2.
- CVE-2020-25718
-- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:50:21 -0400
|
Source diff to previous version |
|
ldb (2:2.0.10-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: Heap corruption via crafted DN strings
- debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
ldb_dn_explode in common/ldb_dn.c.
- debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
in tests/python/crash.py, wscript.
- CVE-2020-27840
* SECURITY UPDATE: Out of bounds read in AD DC LDAP server
- debian/patches/CVE-2021-20277-1.patch: add tests for
ldb_wildcard_compare in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
spaces in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-3.patch: remove tests from
ldb_match_test that do not pass in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-4.patch: stay in bounds in
common/attrib_handlers.c.
- CVE-2021-20277
-- Marc Deslauriers <email address hidden> Wed, 24 Mar 2021 08:01:45 -0400
|
|
About
-
Send Feedback to @ubuntu_updates