USN-5992-1: ldb vulnerability
3 April 2023
ldb could be made to expose sensitive information over the network.
Releases
Packages
- ldb - LDAP-like embedded database
Details
Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
Ubuntu 20.04
After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.
References
Related notices
- USN-5993-1: libwbclient-dev, libpam-winbind, samba, winbind, samba-libs, libsmbclient, samba-dsdb-modules, samba-common-bin, ldb-tools, ctdb, libldb2, samba-dev, samba-common, libnss-winbind, samba-testsuite, python3-samba, libwbclient0, libsmbclient-dev, python3-ldb-dev, smbclient, libldb-dev, python3-ldb, registry-tools, samba-vfs-modules