ldb-tools-2.3.0-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10911 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ldb-tools-2.3.0-1.3 on GA media These are all security issues fixed in the ldb-tools-2.3.0-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10911 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10911 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-1140/ SUSE CVE CVE-2018-1140 page https://www.suse.com/security/cve/CVE-2019-3824/ SUSE CVE CVE-2019-3824 page https://www.suse.com/security/cve/CVE-2020-10700/ SUSE CVE CVE-2020-10700 page https://www.suse.com/security/cve/CVE-2020-10730/ SUSE CVE CVE-2020-10730 page https://www.suse.com/security/cve/CVE-2020-27840/ SUSE CVE CVE-2020-27840 page https://www.suse.com/security/cve/CVE-2021-20277/ SUSE CVE CVE-2021-20277 page openSUSE Tumbleweed ldb-tools-2.3.0-1.3 libldb-devel-2.3.0-1.3 libldb2-2.3.0-1.3 libldb2-32bit-2.3.0-1.3 python3-ldb-2.3.0-1.3 python3-ldb-32bit-2.3.0-1.3 python3-ldb-devel-2.3.0-1.3 ldb-tools-2.3.0-1.3 as a component of openSUSE Tumbleweed libldb-devel-2.3.0-1.3 as a component of openSUSE Tumbleweed libldb2-2.3.0-1.3 as a component of openSUSE Tumbleweed libldb2-32bit-2.3.0-1.3 as a component of openSUSE Tumbleweed python3-ldb-2.3.0-1.3 as a component of openSUSE Tumbleweed python3-ldb-32bit-2.3.0-1.3 as a component of openSUSE Tumbleweed python3-ldb-devel-2.3.0-1.3 as a component of openSUSE Tumbleweed A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable CVE-2018-1140 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1140.html CVE-2018-1140 https://bugzilla.suse.com/1095056 SUSE Bug 1095056 A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. CVE-2019-3824 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3824.html CVE-2019-3824 https://bugzilla.suse.com/1125410 SUSE Bug 1125410 https://bugzilla.suse.com/1130703 SUSE Bug 1130703 A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. CVE-2020-10700 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10700.html CVE-2020-10700 https://bugzilla.suse.com/1169850 SUSE Bug 1169850 https://bugzilla.suse.com/1173159 SUSE Bug 1173159 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. CVE-2020-10730 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-10730.html CVE-2020-10730 https://bugzilla.suse.com/1173159 SUSE Bug 1173159 A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. CVE-2020-27840 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27840.html CVE-2020-27840 https://bugzilla.suse.com/1183572 SUSE Bug 1183572 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. CVE-2021-20277 openSUSE Tumbleweed:ldb-tools-2.3.0-1.3 openSUSE Tumbleweed:libldb-devel-2.3.0-1.3 openSUSE Tumbleweed:libldb2-2.3.0-1.3 openSUSE Tumbleweed:libldb2-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-32bit-2.3.0-1.3 openSUSE Tumbleweed:python3-ldb-devel-2.3.0-1.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-20277.html CVE-2021-20277 https://bugzilla.suse.com/1183574 SUSE Bug 1183574