Sicherheit: Zwei Probleme in ldb

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4128460841774643926==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="CwDwWJu1ttGpo852Ct23funfCoOGCvH0j"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--CwDwWJu1ttGpo852Ct23funfCoOGCvH0j
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2856-1
January 05, 2016

ldb vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in ldb.

Software Description:
- ldb: LDAP-like embedded database

Details:

Thilo Uttendorfer discovered that the ldb incorrectly handled certain zero
values. A remote attacker could use this issue to cause applications using
ldb, such as Samba, to stop responding, resulting in a denial of service.
(CVE-2015-3223)

Douglas Bagnall discovered that ldb incorrectly handled certain string
lengths. A remote attacker could use this issue to possibly access
sensitive information from memory of applications using ldb, such as Samba.
(CVE-2015-5330)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
libldb1 2:1.1.20-2ubuntu0.1

Ubuntu 15.04:
libldb1 1:1.1.18-1ubuntu0.1

Ubuntu 14.04 LTS:
libldb1 1:1.1.16-1ubuntu0.1

Ubuntu 12.04 LTS:
libldb1 1:1.1.4-1ubuntu0.1

After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2856-1
CVE-2015-3223, CVE-2015-5330

Package Information:
https://launchpad.net/ubuntu/+source/ldb/2:1.1.20-2ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.18-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.16-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ldb/1:1.1.4-1ubuntu0.1

--CwDwWJu1ttGpo852Ct23funfCoOGCvH0j
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWjBkpAAoJEGVp2FWnRL6TMlgQAJWA4MgRRdJv0Hp5XLdFdNjL
krhs44gpV0HvB3qyPLDjV+QkNgqZUZ4GRoLSmeHzqR64U+35rP8Dtbl+L3XGvdjS
MbuY1slhiGhsR4C6BdRprlOpjm7BN9kgmUAoU0bptAJ4NxZQqicgvK0exjLVRbVi
X3qEa+A/IRmmZ7v2I68dGq+BrN7OrItLR9P6GNMqFQi+r3Q+LZiZ9nNOyNO2W1Pj
NXM0Egmpr0wSvoGBPzbY0hPeRByceseV6DnUoKYOrkLMX/g4qxkVsSj7SNgkKGi/
ZzyFqiUL38ZyEZBlg/0wsYMB4vc6HC0hZiqLK9gNWwcOtH5K2XMQL1aBfuBSzd8+
SdyQyOTsK5+YDEDRLfjb7KcnBeiD5kBK9X1dbB7e7q7yoL4OgIDhpRAGEI4uB6m7
FzPgWiOd2oDm0hmPntH3XUmuYzZ0iL9TBn1plKEfCfuXs1kgxlM9u8v6QYyjqcyf
yuVzeEvLdwhigkj5CtoPF+DOm/Gom3XLNturScKtI4+MoZuNIhnl6plgKLWuKOpe
T9QIYJioPa6rj+CVYTt9MSDeJK5W63VnHDM+MQ2INOux45Th8wvWZ9A6/SwTfvsa
9so7ruUdssZB0rQS3jcRXPxhOfVTVyW86B7iNgZOM+BMXHckUwEnyoQ2Avsq50V+
vi/CSgrkhkYz3nwRQsx+
=Ypi5
-----END PGP SIGNATURE-----

--CwDwWJu1ttGpo852Ct23funfCoOGCvH0j--

--===============4128460841774643926==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4128460841774643926==--