[SECURITY] [DLA 2611-1] ldb security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2611-1] ldb security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 31 Mar 2021 09:22:43 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2103310921350.10752@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2611-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 31, 2021                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ldb
Version        : 2:1.1.27-1+deb9u2
CVE ID         : CVE-2020-27840 CVE-2021-20277

Two issues have been found in ldb, an LDAP-like embedded database, forexample used with samba.

Both issues are related to out of bounds access, either an out of boundread or a heap corrupton, both most likely leading to an applicationcrash.

For Debian 9 stretch, these problems have been fixed in version2:1.1.27-1+deb9u2.


We recommend that you upgrade your ldb packages.

For the detailed security status of ldb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ldb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBkP2NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdiSQ/+MwdVGtUKTVJnDLnqL2huTkkYdjkfg6t/6CZiEf/+/nLKeqkcQekhBxF0
R0CWvn8LiFDZjKGgCo18vPPcmTripywzp2uYsRc6EU+KnF+wO7gJcEv2Ohp8U6bp
0Q8YQQvW26hoVBiiUPx8af9q+a+p+igLkKFy0Eu/BGDB2HRf3EXlwnN+kw5xWdPd
lzoTKkqoydo7NXMM+8Vd51hP4eUByAWfiT93hZp+Zquoo60HsqP5mE9rhVATtBdk
Zi5KDz/jA0zXSR4ev8xn/2kg/yv/IoSS0pOP8TMG5qLORA0uFTQ5QskbMHKbdiFi
ZsosvR/FjY+r/1TayKRtxzj6Vl28IXWV3XvD32G2a9sKcBHSN+WahCK+qyg8YRPj
oRUdrbjHM1wsoKIBwSIFg6vk92avkaJmvdKKEechbizRLIgAZxlWEH11OIb1hfry
OdP4Hjxju5jI3NgW6NBGEdj4fblnMK22RBESx7NEjMcC3wIcwxD23Yk4Tg6O7fyy
mWlrE6oMWgQmaJ638hwLUdqo8HHzdtZupOJB3bA+5PqeXHmDCocmdBoEcoFWnjF5
gfTd9g/EeWvI6MHus8wrS8jSOStUR424tlLOCaEcHsq7qwesMgDifPHsuKEJZk40
jphbI8Lcgyd6HzWSfhVkn4Ghjc12pc+3ePNeeLYaMhdSjchuiKs=
=ulYU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2610-1] linux-4.19 security update
Next by Date: [SECURITY] [DLA 2612-1] leptonlib security update
Previous by thread: [SECURITY] [DLA 2610-1] linux-4.19 security update
Next by thread: [SECURITY] [DLA 2612-1] leptonlib security update
Index(es):
- Date
- Thread