|
|
Subscribe / Log in / New account

Debian alert DLA-1699-1 (ldb)



From:
              Adrian Bunk <bunk@debian.org> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1699-1] ldb security update 


Date:
              Fri, 1 Mar 2019 08:19:41 +0200


Message-ID:
              <20190301061941.GA6773@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ldb
Version        : 2:1.1.20-0+deb8u2
CVE ID         : CVE-2019-3824

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare()
function of ldb, a LDAP-like embedded database, resulting in denial of
service.

For Debian 8 "Jessie", this problem has been fixed in version
2:1.1.20-0+deb8u2.

We recommend that you upgrade your ldb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAlx4zvoACgkQiNJCh6LY
mLGEvA/+PFRunD1LXsWr2oOlwR1cFJaDnUV1RkTVtHb1sYz/db1VqCkkROviNG/N
ku0eojBRj4hSsxnPeBLbbHhXa10FQWK/iBAN5io3PGJdbxn2Y6kR0XWFKHosCK6r
xrugEyvbqaq3rQjUzonLIDoG1JjItbQMs/m4Q1FUDZSjEv5/Hz+RbJwLaw7TLVzR
gr8sM8tbQ8hZDJmRyXHvpr2v61f+MmGD3k4f5PisVyD/4sg/5Ao46dJ/Y7wHzF2G
pg/bxY7Ly0LyQexSvwzxkODuoJdvk/iFRsVqgbhhGIffgbNvlcS2dUtL9j4R+W+r
YVv0XODG5t7GqU8wYdsMjcjCmdS6N+bMfplUd4GkbtD/jovbaq3wNHoWhy7A0pQb
sa5BjQWjs4C0DFqhYfDy9eXrvRVAflWgq1z7SYvUpHkgGoIgua+Tf+Pmtuwa1Bdx
OUPVNZa4Zrm3Op0GhIebLrj6L440maDPorEwP08GL4ZH5bNLmf3i6KqfIE19fxG+
tm9CjcXGkGmMI9HGiWnVySPvVRo6aqi2p166W2Yosb/fAxceOw0ippnip260Ek4U
8p2G43Ca4aOgWHNSx9DigW+NXjgq5FEzo8BQktENckKfuESE9Us4Rlnf3UK3EPK9
1BX6FH9X+n6NkdHBqiN9nFf4UEDsHcJMoytjbWsUHZ+9NUpcKdE=
=N2il
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds