Security update for ldb SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1121-1 Final 1 1 2020-08-01T14:20:04Z current 2020-08-01T14:20:04Z 2020-08-01T14:20:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ldb This update for ldb fixes the following issues: - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1121 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QIF74KTUN5COJSGEOO355XLBVE7KVND4/ E-Mail link for openSUSE-SU-2020:1121-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1173159 SUSE Bug 1173159 https://www.suse.com/security/cve/CVE-2020-10730/ SUSE CVE CVE-2020-10730 page openSUSE Leap 15.1 ldb-tools-1.4.6-lp151.2.3.1 libldb-devel-1.4.6-lp151.2.3.1 libldb1-1.4.6-lp151.2.3.1 libldb1-32bit-1.4.6-lp151.2.3.1 python-ldb-1.4.6-lp151.2.3.1 python-ldb-32bit-1.4.6-lp151.2.3.1 python-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-1.4.6-lp151.2.3.1 python3-ldb-32bit-1.4.6-lp151.2.3.1 python3-ldb-devel-1.4.6-lp151.2.3.1 ldb-tools-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 libldb-devel-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 libldb1-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 libldb1-32bit-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python-ldb-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python-ldb-32bit-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python-ldb-devel-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python3-ldb-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python3-ldb-32bit-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 python3-ldb-devel-1.4.6-lp151.2.3.1 as a component of openSUSE Leap 15.1 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. CVE-2020-10730 openSUSE Leap 15.1:ldb-tools-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:libldb-devel-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:libldb1-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:libldb1-32bit-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python-ldb-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python-ldb-32bit-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python-ldb-devel-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python3-ldb-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python3-ldb-32bit-1.4.6-lp151.2.3.1 openSUSE Leap 15.1:python3-ldb-devel-1.4.6-lp151.2.3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QIF74KTUN5COJSGEOO355XLBVE7KVND4/ https://www.suse.com/security/cve/CVE-2020-10730.html CVE-2020-10730 https://bugzilla.suse.com/1173159 SUSE Bug 1173159