Bug Fix Advisory Updated nss_ldap package fixes password handling, possible infinite loop

Advisory: RHBA-2004:109-08
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2004-04-21
Last updated on: 2004-04-21
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A

Details

An updated nss_ldap package that fixes password handling and a possible
infinite loop is now available.

nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as a primary source of aliases, ethers,
groups, hosts, networks, protocols, users, RPCs, services, and shadow
passwords (instead of or in addition to using flat files or NIS).

This update fixes handling of passwords set to expire within the next 24
hours, changing passwords correctly when running against a MS Active
Directory 2000 server, and possible infinite looping with reentrant
versions of enumeration functions.

Users of nss_ldap should upgrade to this updated package, which resolves
these issues.


Solution

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
nss_ldap-189-9.src.rpm
File outdated by:  RHSA-2005:751		     4376bf3713be5cf586c747ab41572d0f
openldap-2.0.27-4.7.src.rpm
File outdated by:  RHSA-2005:751		     12d6e713c849fb8a7135d8b362c7e0df
 
IA-32:
nss_ldap-189-9.i386.rpm
File outdated by:  RHSA-2005:751		     e66e69fb4c98193f61bf61969c7b3095
openldap-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     7e7e9d31e890a711f7cddbc44bdf7cd6
openldap-clients-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     19bb78aa095ef33066526b423e1b2ff7
openldap-devel-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     5b9fc526e27a263b36d208abcd9cb7a5
openldap-servers-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     54df8b432c6fca66c40afcb35eedddfb
 
IA-64:
nss_ldap-189-9.ia64.rpm
File outdated by:  RHSA-2005:751		     dd36dcb4a27c420de503afe8b289aded
openldap-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     ab8cc37d6286b7faefea962737957662
openldap-clients-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     cc86b4337acf25f5f20fead7ba34b0a7
openldap-devel-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     aa3ec4cf12673192a024d50f72016d64
openldap-servers-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     996789ffb219d1c1c73fcb82a6bcae16
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
nss_ldap-189-9.src.rpm
File outdated by:  RHSA-2005:751		     4376bf3713be5cf586c747ab41572d0f
openldap-2.0.27-4.7.src.rpm
File outdated by:  RHSA-2005:751		     12d6e713c849fb8a7135d8b362c7e0df
 
IA-32:
nss_ldap-189-9.i386.rpm
File outdated by:  RHSA-2005:751		     e66e69fb4c98193f61bf61969c7b3095
openldap-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     7e7e9d31e890a711f7cddbc44bdf7cd6
openldap-clients-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     19bb78aa095ef33066526b423e1b2ff7
openldap-devel-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     5b9fc526e27a263b36d208abcd9cb7a5
openldap-servers-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     54df8b432c6fca66c40afcb35eedddfb
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
nss_ldap-189-9.src.rpm
File outdated by:  RHSA-2005:751		     4376bf3713be5cf586c747ab41572d0f
openldap-2.0.27-4.7.src.rpm
File outdated by:  RHSA-2005:751		     12d6e713c849fb8a7135d8b362c7e0df
 
IA-32:
nss_ldap-189-9.i386.rpm
File outdated by:  RHSA-2005:751		     e66e69fb4c98193f61bf61969c7b3095
openldap-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     7e7e9d31e890a711f7cddbc44bdf7cd6
openldap-clients-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     19bb78aa095ef33066526b423e1b2ff7
openldap-devel-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     5b9fc526e27a263b36d208abcd9cb7a5
openldap-servers-2.0.27-4.7.i386.rpm
File outdated by:  RHSA-2005:751		     54df8b432c6fca66c40afcb35eedddfb
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
nss_ldap-189-9.src.rpm
File outdated by:  RHSA-2005:751		     4376bf3713be5cf586c747ab41572d0f
openldap-2.0.27-4.7.src.rpm
File outdated by:  RHSA-2005:751		     12d6e713c849fb8a7135d8b362c7e0df
 
IA-64:
nss_ldap-189-9.ia64.rpm
File outdated by:  RHSA-2005:751		     dd36dcb4a27c420de503afe8b289aded
openldap-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     ab8cc37d6286b7faefea962737957662
openldap-clients-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     cc86b4337acf25f5f20fead7ba34b0a7
openldap-devel-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     aa3ec4cf12673192a024d50f72016d64
openldap-servers-2.0.27-4.7.ia64.rpm
File outdated by:  RHSA-2005:751		     996789ffb219d1c1c73fcb82a6bcae16
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

101269 - RHEL 2.1 U4: nss_ldap AD change password bug
112266 - getgrent calls go into a loop
91176 - RHEL 2.1 U4: nss_ldap doesn\'t warn password expiring often when using iPlanet Servers


Keywords

active, directory, dns, nss_ldap

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/