USN-4888-1: ldb vulnerabilities

Packages

ldb - LDAP-like embedded database

Details

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain LDAP attributes. A remote attacker could possibly use this
issue to cause the LDAP server to crash, resulting in a denial of service.
(CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain DN strings. A remote attacker could use this issue to
cause the LDAP server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-27840)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain LDAP attributes. A remote attacker could possibly use this
issue to cause the LDAP server to crash, resulting in a denial of service.
(CVE-2021-20277)

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly
handled certain DN strings. A remote attacker could use this issue to
cause the LDAP server to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2020-27840)

Update instructions

After a standard system update you need to restart applications using ldb, such as Samba, to make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
20.10 groovy	libldb2 – 2:2.1.4-2ubuntu0.1
20.04 focal	libldb2 – 2:2.0.10-0ubuntu0.20.04.3
18.04 bionic	libldb1 – 2:1.2.3-1ubuntu0.2
16.04 xenial	libldb1 – 2:1.1.24-1ubuntu3.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

USN-4888-2

USN-4888-2

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices