USN-5992-1: ldb vulnerability

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• ldb - LDAP-like embedded database

Details

Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly
handled certain confidential attribute values. A remote authenticated
attacker could possibly use this issue to obtain certain sensitive
information.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• libldb2 - 2:2.4.4-0ubuntu0.22.04.2

Ubuntu 20.04

• libldb2 - 2:2.4.4-0ubuntu0.20.04.2

After a standard system update you need to restart applications using ldb,
such as Samba, to make all the necessary changes.

References

• CVE-2023-0614

Related notices

• USN-5993-1: ctdb, libnss-winbind, libwbclient0, samba-libs, python3-ldb, libpam-winbind, samba-common, libldb-dev, samba-vfs-modules, libsmbclient-dev, python3-ldb-dev, smbclient, samba-common-bin, samba-dsdb-modules, libldb2, ldb-tools, samba-testsuite, winbind, samba-dev, python3-samba, libsmbclient, libwbclient-dev, samba, registry-tools