Bug 30407 - ldb new security issue CVE-2021-3670
Summary: ldb new security issue CVE-2021-3670
Status: RESOLVED DUPLICATE of bug 30675
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Buchan Milne
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-10 16:24 CEST by David Walser
Modified: 2022-11-08 13:48 CET
0 users

See Also:
Source RPM: ldb-2.3.2-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2022-05-10 16:24:40 CEST
openSUSE has issued an advisory on May 9:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DVDBCJM6TSTZQNECLEKK3QRJ6HVNZU7N/

The issue is fixed upstream in 2.3.3.

*As the comment in the SPEC says, make sure to rebuild samba and sssd!*
Comment 1 Buchan Milne 2022-05-14 21:09:51 CEST
From the Samba bug ( https://bugzilla.samba.org/show_bug.cgi?id=14694 )

> Removing advisory as this is just confusing as we won't do a security release for this any more, as this has been downgraded to a hardening. 

> 2021-12-15 14:53:18 UTC
> This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

We have 4.14.12

I don't know if it makes sense to update, test and release this now taking the above into account.

In the case of a future samba security bug, we can ship the updated ldb version.

Re-open if you don't agree.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

Comment 2 David Walser 2022-05-14 22:09:36 CEST
We're already on the 2.3.x branch so there's very little risk in updating it.  Samba version is irrelevant because we don't use the bundled ldb.  We probably should have updated this when we updated samba.  If you want to hold this update for the next Samba update, that's probably fine.

Resolution: WONTFIX => (none)
Status: RESOLVED => REOPENED

Comment 3 David Walser 2022-11-08 13:48:14 CET
Fixed in Bug 30675.

*** This bug has been marked as a duplicate of bug 30675 ***

Resolution: (none) => DUPLICATE
Status: REOPENED => RESOLVED

