Amazon Linux 2023 Security Advisory: ALAS2023-2023-085
Advisory Released Date: 2023-03-22
Advisory Updated Date: 2023-03-22
Severity:
Medium
Issue Overview:
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)
Affected Packages:
libldb
Issue Correction:
Run dnf update libldb --releasever=2023.0.20230222 to update your system.
New Packages:
aarch64:
python3-ldb-debuginfo-2.6.1-1.amzn2023.0.2.aarch64
python-ldb-devel-common-2.6.1-1.amzn2023.0.2.aarch64
libldb-devel-2.6.1-1.amzn2023.0.2.aarch64
ldb-tools-2.6.1-1.amzn2023.0.2.aarch64
python3-ldb-devel-2.6.1-1.amzn2023.0.2.aarch64
libldb-debugsource-2.6.1-1.amzn2023.0.2.aarch64
ldb-tools-debuginfo-2.6.1-1.amzn2023.0.2.aarch64
libldb-debuginfo-2.6.1-1.amzn2023.0.2.aarch64
libldb-2.6.1-1.amzn2023.0.2.aarch64
python3-ldb-2.6.1-1.amzn2023.0.2.aarch64
src:
libldb-2.6.1-1.amzn2023.0.2.src
x86_64:
python-ldb-devel-common-2.6.1-1.amzn2023.0.2.x86_64
ldb-tools-debuginfo-2.6.1-1.amzn2023.0.2.x86_64
python3-ldb-devel-2.6.1-1.amzn2023.0.2.x86_64
libldb-debugsource-2.6.1-1.amzn2023.0.2.x86_64
libldb-devel-2.6.1-1.amzn2023.0.2.x86_64
libldb-debuginfo-2.6.1-1.amzn2023.0.2.x86_64
python3-ldb-debuginfo-2.6.1-1.amzn2023.0.2.x86_64
ldb-tools-2.6.1-1.amzn2023.0.2.x86_64
python3-ldb-2.6.1-1.amzn2023.0.2.x86_64
libldb-2.6.1-1.amzn2023.0.2.x86_64