- Issued:
- 2005-06-09
- Updated:
- 2005-06-09
RHBA-2005:282 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated nss_ldap package that corrects a documentation bug and removes
an inconsistency in the default tls_checkpeer setting is now available.
Description
The nss_ldap module is an extension for use with GNU libc which allows
applications to, without internal modification, consult a directory service
using LDAP to supplement information which would be read from local files
such as /etc/passwd, /etc/group, and /etc/shadow.
The pam_ldap module allows PAM-enabled applications to authenticate users
using a directory service.
Both modules support use of either LDAP-over-SSL or LDAP with the StartTLS
extension when connecting to directory servers. When a client application
negotiates SSL or TLS with any server, a client application should verify
the signature and subject name of the certificate which the server provides
as proof of its identity.
In nss_ldap and pam_ldap, whether or not this validation is performed is
controlled by the "tls_checkpeer" setting in /etc/ldap.conf. If set to
"yes", validation is performed. If set to "no", validation is disabled.
If "tls_checkpeer" were left unset, nss_ldap would by default disable
validation, and pam_ldap would allow libldap's default behavior to be
followed. In Red Hat Enterprise Linux 4, these defaults conflict, which
could produce difficult-to-diagnose failures in the login process.
This update backports a fix to nss_ldap which makes its behavior match that
of pam_ldap.
All users of nss_ldap should upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
(none)CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
nss_ldap-226-6.src.rpm | SHA-256: aae3d5884360bda3468706d56c24ed0fabfa69501db713fd982ad95f181a4acd |
x86_64 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.x86_64.rpm | SHA-256: 0a1a4eac9d4b4c1e0400991fa56345652e7b95b352fea137f2e4b083cbda90b9 |
nss_ldap-226-6.x86_64.rpm | SHA-256: 0a1a4eac9d4b4c1e0400991fa56345652e7b95b352fea137f2e4b083cbda90b9 |
ia64 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.ia64.rpm | SHA-256: df6893c8316c773d115284142fc1dc475da1621b1006d2a9426c781225a0f658 |
nss_ldap-226-6.ia64.rpm | SHA-256: df6893c8316c773d115284142fc1dc475da1621b1006d2a9426c781225a0f658 |
i386 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
nss_ldap-226-6.src.rpm | SHA-256: aae3d5884360bda3468706d56c24ed0fabfa69501db713fd982ad95f181a4acd |
x86_64 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.x86_64.rpm | SHA-256: 0a1a4eac9d4b4c1e0400991fa56345652e7b95b352fea137f2e4b083cbda90b9 |
ia64 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.ia64.rpm | SHA-256: df6893c8316c773d115284142fc1dc475da1621b1006d2a9426c781225a0f658 |
i386 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
nss_ldap-226-6.src.rpm | SHA-256: aae3d5884360bda3468706d56c24ed0fabfa69501db713fd982ad95f181a4acd |
x86_64 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
nss_ldap-226-6.x86_64.rpm | SHA-256: 0a1a4eac9d4b4c1e0400991fa56345652e7b95b352fea137f2e4b083cbda90b9 |
i386 | |
nss_ldap-226-6.i386.rpm | SHA-256: 5340e45b943292e6db57d4313b94fdb0f01332b7ee7c3598fbf2d1c2d5fbedff |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
nss_ldap-226-6.src.rpm | SHA-256: aae3d5884360bda3468706d56c24ed0fabfa69501db713fd982ad95f181a4acd |
s390x | |
nss_ldap-226-6.s390.rpm | SHA-256: b11f5e1aa30e26d8ca3cee2f0c28ff520569460e9ca48a96c42655f7a923e6e4 |
nss_ldap-226-6.s390x.rpm | SHA-256: 7d5337019837302b137156a664490a53fed42c67b87d835ab1805844f884cc3a |
s390 | |
nss_ldap-226-6.s390.rpm | SHA-256: b11f5e1aa30e26d8ca3cee2f0c28ff520569460e9ca48a96c42655f7a923e6e4 |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
nss_ldap-226-6.src.rpm | SHA-256: aae3d5884360bda3468706d56c24ed0fabfa69501db713fd982ad95f181a4acd |
ppc | |
nss_ldap-226-6.ppc.rpm | SHA-256: 11da36166df094a31fcade1db00830ef08f29a31b251fd0c4c7bc3bfb2806348 |
nss_ldap-226-6.ppc64.rpm | SHA-256: 8f176168f14c84f2dbbb8aa47c30fdc4f7a412d33895fe56542b19b54b160f4e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.