Moderate CentOS libldb Security Update


ldb-tools-1.1.13-3.el6_7.1.i686.rpm, ldb-tools-1.1.13-3.el6_7.1.x86_64.rpm, ldb-tools-1.1.20-1.el7_2.2.x86_64.rpm, libldb-1.1.13-3.el6_7.1.i686.rpm, libldb-1.1.13-3.el6_7.1.src.rpm, libldb-1.1.13-3.el6_7.1.x86_64.rpm, libldb-1.1.20-1.el7_2.2.i686.rpm, libldb-1.1.20-1.el7_2.2.src.rpm, libldb-1.1.20-1.el7_2.2.x86_64.rpm, libldb-devel-1.1.13-3.el6_7.1.i686.rpm, libldb-devel-1.1.13-3.el6_7.1.x86_64.rpm, libldb-devel-1.1.20-1.el7_2.2.i686.rpm, libldb-devel-1.1.20-1.el7_2.2.x86_64.rpm, pyldb-1.1.13-3.el6_7.1.i686.rpm, pyldb-1.1.13-3.el6_7.1.x86_64.rpm, pyldb-1.1.20-1.el7_2.2.i686.rpm, pyldb-1.1.20-1.el7_2.2.x86_64.rpm, pyldb-devel-1.1.13-3.el6_7.1.i686.rpm, pyldb-devel-1.1.13-3.el6_7.1.x86_64.rpm, pyldb-devel-1.1.20-1.el7_2.2.i686.rpm, pyldb-devel-1.1.20-1.el7_2.2.x86_64.rpm,,
2018-01-18 11:11
2017-07-27 19:10
2017-04-01 19:09
2017-01-05 20:13


Updated libldb packages that fix two security issues are now available for
Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The libldb packages provide an extensible library that implements an
LDAP-like API to access remote LDAP servers, or use local TDB databases.

A denial of service flaw was found in the ldb_wildcard_compare() function
of libldb. A remote attacker could send a specially crafted packet that,
when processed by an application using libldb (for example the AD LDAP
server in Samba), would cause that application to consume an excessive
amount of memory and crash. (CVE-2015-3223)

A memory-read flaw was found in the way the libldb library processed LDB DN
records with a null byte. An authenticated, remote attacker could use this
flaw to read heap-memory pages from the server. (CVE-2015-5330)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Thilo Uttendorfer as the original reporter of
CVE-2015-3223, and Douglas Bagnall as the original reporter of

All libldb users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Please see

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
6 ldb-tools ldb-tools-1.1.13-3.el6_7.1.x86_64.rpm
ldb-tools ldb-tools-1.1.13-3.el6_7.1.i686.rpm
libldb libldb-1.1.13-3.el6_7.1.x86_64.rpm
libldb libldb-1.1.13-3.el6_7.1.i686.rpm
libldb libldb-1.1.13-3.el6_7.1.src.rpm
libldb-devel libldb-devel-1.1.13-3.el6_7.1.x86_64.rpm
libldb-devel libldb-devel-1.1.13-3.el6_7.1.i686.rpm
pyldb pyldb-1.1.13-3.el6_7.1.x86_64.rpm
pyldb pyldb-1.1.13-3.el6_7.1.i686.rpm
pyldb-devel pyldb-devel-1.1.13-3.el6_7.1.x86_64.rpm
pyldb-devel pyldb-devel-1.1.13-3.el6_7.1.i686.rpm
7 ldb-tools ldb-tools-1.1.20-1.el7_2.2.x86_64.rpm
libldb libldb-1.1.20-1.el7_2.2.i686.rpm
libldb libldb-1.1.20-1.el7_2.2.x86_64.rpm
libldb libldb-1.1.20-1.el7_2.2.src.rpm
libldb-devel libldb-devel-1.1.20-1.el7_2.2.i686.rpm
libldb-devel libldb-devel-1.1.20-1.el7_2.2.x86_64.rpm
pyldb pyldb-1.1.20-1.el7_2.2.i686.rpm
pyldb pyldb-1.1.20-1.el7_2.2.x86_64.rpm
pyldb-devel pyldb-devel-1.1.20-1.el7_2.2.x86_64.rpm
pyldb-devel pyldb-devel-1.1.20-1.el7_2.2.i686.rpm