You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ldb

Sigurnosni nedostaci programskog paketa ldb

==========================================================================
Ubuntu Security Notice USN-2856-1
January 05, 2016

ldb vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 15.10
– Ubuntu 15.04
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in ldb.

Software Description:
– ldb: LDAP-like embedded database

Details:

Thilo Uttendorfer discovered that the ldb incorrectly handled certain zero
values. A remote attacker could use this issue to cause applications using
ldb, such as Samba, to stop responding, resulting in a denial of service.
(CVE-2015-3223)

Douglas Bagnall discovered that ldb incorrectly handled certain string
lengths. A remote attacker could use this issue to possibly access
sensitive information from memory of applications using ldb, such as Samba.
(CVE-2015-5330)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
libldb1 2:1.1.20-2ubuntu0.1

Ubuntu 15.04:
libldb1 1:1.1.18-1ubuntu0.1

Ubuntu 14.04 LTS:
libldb1 1:1.1.16-1ubuntu0.1

Ubuntu 12.04 LTS:
libldb1 1:1.1.4-1ubuntu0.1

After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2856-1
CVE-2015-3223, CVE-2015-5330

Package Information:
https://launchpad.net/ubuntu/+source/ldb/2:1.1.20-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.18-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.16-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.4-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJWjBkpAAoJEGVp2FWnRL6TMlgQAJWA4MgRRdJv0Hp5XLdFdNjL
krhs44gpV0HvB3qyPLDjV+QkNgqZUZ4GRoLSmeHzqR64U+35rP8Dtbl+L3XGvdjS
MbuY1slhiGhsR4C6BdRprlOpjm7BN9kgmUAoU0bptAJ4NxZQqicgvK0exjLVRbVi
X3qEa+A/IRmmZ7v2I68dGq+BrN7OrItLR9P6GNMqFQi+r3Q+LZiZ9nNOyNO2W1Pj
NXM0Egmpr0wSvoGBPzbY0hPeRByceseV6DnUoKYOrkLMX/g4qxkVsSj7SNgkKGi/
ZzyFqiUL38ZyEZBlg/0wsYMB4vc6HC0hZiqLK9gNWwcOtH5K2XMQL1aBfuBSzd8+
SdyQyOTsK5+YDEDRLfjb7KcnBeiD5kBK9X1dbB7e7q7yoL4OgIDhpRAGEI4uB6m7
FzPgWiOd2oDm0hmPntH3XUmuYzZ0iL9TBn1plKEfCfuXs1kgxlM9u8v6QYyjqcyf
yuVzeEvLdwhigkj5CtoPF+DOm/Gom3XLNturScKtI4+MoZuNIhnl6plgKLWuKOpe
T9QIYJioPa6rj+CVYTt9MSDeJK5W63VnHDM+MQ2INOux45Th8wvWZ9A6/SwTfvsa
9so7ruUdssZB0rQS3jcRXPxhOfVTVyW86B7iNgZOM+BMXHckUwEnyoQ2Avsq50V+
vi/CSgrkhkYz3nwRQsx+
=Ypi5
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak u programskom paketu git

Otkriven je sigurnosni nedostatak u programskom paketu git. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje pokretanje proizvoljnog programskog koda umetanjem naredbi...

Close