Bug 30407

Summary: ldb new security issue CVE-2021-3670
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Buchan Milne <bgmilne>
Status: RESOLVED DUPLICATE
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ldb-2.3.2-1.mga8.src.rpm
CVE:
Status comment:

Description David Walser 2022-05-10 16:24:40 CEST
openSUSE has issued an advisory on May 9:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DVDBCJM6TSTZQNECLEKK3QRJ6HVNZU7N/

The issue is fixed upstream in 2.3.3.

*As the comment in the SPEC says, make sure to rebuild samba and sssd!*
Comment 1 Buchan Milne 2022-05-14 21:09:51 CEST
From the Samba bug ( https://bugzilla.samba.org/show_bug.cgi?id=14694 )

> Removing advisory as this is just confusing as we won't do a security release for this any more, as this has been downgraded to a hardening. 

> 2021-12-15 14:53:18 UTC
> This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

We have 4.14.12

I don't know if it makes sense to update, test and release this now taking the above into account.

In the case of a future samba security bug, we can ship the updated ldb version.

Re-open if you don't agree.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

Comment 2 David Walser 2022-05-14 22:09:36 CEST
We're already on the 2.3.x branch so there's very little risk in updating it.  Samba version is irrelevant because we don't use the bundled ldb.  We probably should have updated this when we updated samba.  If you want to hold this update for the next Samba update, that's probably fine.

Resolution: WONTFIX => (none)
Status: RESOLVED => REOPENED

Comment 3 David Walser 2022-11-08 13:48:14 CET
Fixed in Bug 30675.

*** This bug has been marked as a duplicate of bug 30675 ***

Resolution: (none) => DUPLICATE
Status: REOPENED => RESOLVED