[ubuntu/focal-security] ldb 2:2.2.3-0ubuntu0.20.04.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Aug 1 11:38:22 UTC 2022


ldb (2:2.2.3-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
    - debian/patches/CVE-2021-3670.patch: Confirm the request has not yet
      timed out in ldb filter processing in ldb_key_value/ldb_kv.c,
      ldb_key_value/ldb_kv.h, ldb_key_value/ldb_kv_index.c,
      ldb_key_value/ldb_kv_search.c.
    - CVE-2021-3670
  * SECURITY UPDATE: use-after-free via LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-06.patch: Use LDB_FLAG_MOD_TYPE()
      for flags equality check in modules/rdn_name.c.
    - debian/patches/CVE-2022-32745_6-10.patch: Add flag to mark message
      element values as shared in common/ldb_msg.c, include/ldb_module.h.
    - debian/patches/CVE-2022-32745_6-11.patch: Ensure shallow copy
      modifications do not affect original message in common/ldb_msg.c,
      include/ldb.h.
    - debian/patches/CVE-2022-32745_6-12.patch: Add functions for appending
      to an ldb_message in common/ldb_msg.c, include/ldb.h.
    - debian/patches/CVE-2022-32745_6-13.patch: Make use of functions for
      appending to an ldb_message in ldb_map/ldb_map.c,
      ldb_map/ldb_map_inbound.c, modules/rdn_name.c.
    - CVE-2022-32746
  * debian/libldb2.symbols: added new symbols.

Date: 2022-07-18 17:33:08.986735+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ldb/2:2.2.3-0ubuntu0.20.04.3