安全公告详情

NS-SA-2024-0010

2024-04-12 10:37:42

简介

important: libldb/rpm security update

严重级别

important

主题

An update for libldb/rpm is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

libldb:
rpm:


Security Fix(es):
libldb: A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.(CVE-2021-20277)
libldb: bugfix
rpm: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.(CVE-2021-20271)
rpm: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F52B5.

影响组件

  • libldb
  • rpm

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["pyldb-devel-1.5.4-2.el7_9.x86_64.rpm","libldb-debuginfo-1.5.4-2.el7_9.x86_64.rpm","pyldb-1.5.4-2.el7_9.x86_64.rpm","libldb-devel-1.5.4-2.el7_9.x86_64.rpm","ldb-tools-1.5.4-2.el7_9.x86_64.rpm","libldb-1.5.4-2.el7_9.x86_64.rpm"],"source":"libldb-1.5.4-2.el7_9.src.rpm"},{"binary":["rpm-debuginfo-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-sign-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-devel-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-build-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-build-libs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-libs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-cron-4.11.3-48.el7_9.cgslv5.0.11.g939b202.noarch.rpm","rpm-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm","rpm-apidocs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.noarch.rpm","rpm-python-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm"],"source":"rpm-4.11.3-48.el7_9.cgslv5.0.11.g939b202.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["pyldb-devel-1.5.4-2.el7_9.x86_64.rpm","libldb-debuginfo-1.5.4-2.el7_9.x86_64.rpm","pyldb-1.5.4-2.el7_9.x86_64.rpm","libldb-devel-1.5.4-2.el7_9.x86_64.rpm","ldb-tools-1.5.4-2.el7_9.x86_64.rpm","libldb-1.5.4-2.el7_9.x86_64.rpm"],"source":"libldb-1.5.4-2.el7_9.src.rpm"},{"binary":["rpm-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-cron-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.noarch.rpm","rpm-lang-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-apidocs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.noarch.rpm","rpm-build-libs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-sign-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-debuginfo-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-devel-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-libs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-build-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-python-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm","rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm"],"source":"rpm-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.src.rpm"}]}]}
CGSL MAIN 5.04
  • libldb-1.5.4-2.el7_9.src.rpm
    • pyldb-devel-1.5.4-2.el7_9.x86_64.rpm
    • libldb-debuginfo-1.5.4-2.el7_9.x86_64.rpm
    • pyldb-1.5.4-2.el7_9.x86_64.rpm
    • libldb-devel-1.5.4-2.el7_9.x86_64.rpm
    • ldb-tools-1.5.4-2.el7_9.x86_64.rpm
    • libldb-1.5.4-2.el7_9.x86_64.rpm
  • rpm-4.11.3-48.el7_9.cgslv5.0.11.g939b202.src.rpm
    • rpm-debuginfo-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-sign-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-devel-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-build-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-build-libs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-libs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-cron-4.11.3-48.el7_9.cgslv5.0.11.g939b202.noarch.rpm
    • rpm-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
    • rpm-apidocs-4.11.3-48.el7_9.cgslv5.0.11.g939b202.noarch.rpm
    • rpm-python-4.11.3-48.el7_9.cgslv5.0.11.g939b202.x86_64.rpm
CGSL CORE 5.04
  • libldb-1.5.4-2.el7_9.src.rpm
    • pyldb-devel-1.5.4-2.el7_9.x86_64.rpm
    • libldb-debuginfo-1.5.4-2.el7_9.x86_64.rpm
    • pyldb-1.5.4-2.el7_9.x86_64.rpm
    • libldb-devel-1.5.4-2.el7_9.x86_64.rpm
    • ldb-tools-1.5.4-2.el7_9.x86_64.rpm
    • libldb-1.5.4-2.el7_9.x86_64.rpm
  • rpm-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.src.rpm
    • rpm-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-cron-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.noarch.rpm
    • rpm-lang-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-apidocs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.noarch.rpm
    • rpm-build-libs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-sign-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-debuginfo-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-devel-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-libs-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-build-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-python-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm
    • rpm-plugin-systemd-inhibit-4.11.3-48.el7_9.cgslv5.0.11.gd75f5b4.lite.x86_64.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108