An update for libldb is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1221
Final
1.0
1.0
2023-04-14
Initial
2023-04-14
2023-04-14
openEuler SA Tool V1.0
2023-04-14
libldb security update
An update for libldb is now available for openEuler-22.03-LTS.
An extensible library that implements an LDAP-like API to access remote LDAP servers or use local tdb databases.
Security Fix(es):
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. (CVE-2023-0614)
openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Medium
libldb
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1221
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0614
https://nvd.nist.gov/vuln/detail/CVE-2023-0614
openEuler-22.03-LTS
libldb-2.4.1-3.oe2203.aarch64.rpm
libldb-devel-2.4.1-3.oe2203.aarch64.rpm
libldb-debugsource-2.4.1-3.oe2203.aarch64.rpm
python3-ldb-2.4.1-3.oe2203.aarch64.rpm
python-ldb-devel-common-2.4.1-3.oe2203.aarch64.rpm
python3-ldb-devel-2.4.1-3.oe2203.aarch64.rpm
libldb-debuginfo-2.4.1-3.oe2203.aarch64.rpm
libldb-help-2.4.1-3.oe2203.noarch.rpm
libldb-2.4.1-3.oe2203.src.rpm
libldb-devel-2.4.1-3.oe2203.x86_64.rpm
python3-ldb-2.4.1-3.oe2203.x86_64.rpm
python-ldb-devel-common-2.4.1-3.oe2203.x86_64.rpm
libldb-2.4.1-3.oe2203.x86_64.rpm
libldb-debuginfo-2.4.1-3.oe2203.x86_64.rpm
libldb-debugsource-2.4.1-3.oe2203.x86_64.rpm
python3-ldb-devel-2.4.1-3.oe2203.x86_64.rpm
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
2023-04-14
CVE-2023-0614
openEuler-22.03-LTS
Medium
6.5
libldb security update
2023-04-14
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1221