- Issued:
- 2009-09-02
- Updated:
- 2009-09-02
RHBA-2009:1379 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated nss_ldap package is now available for Red Hat Enterprise Linux 5.
Description
The nss_ldap module is a plugin for the standard C library which allows
applications to look up information about users and groups using a
directory server.
This updated nss_ldap package provide fixes for the following bugs:
- nss_ldap contained a socket descriptor leak that occurred when it was
forced to reconnect to the LDAP server. This socket descriptor leak would
eventually cause the nscd daemon to consume 100% CPU and fail to reconnect
to the LDAP server. This has been fixed so that sockets do not leak and a
failure to reconnect does not occur. (BZ#428837)
- this update modifies the nss_ldap module's behavior so that when it
encounters an entry which contains an attribute value which is expected to
be numeric, but the value contained in the entry can not be correctly
parsed as a number, then the module ignores the entry. (BZ#457258)
- a previous change in nss_ldap's default behavior meant that the "getent
passwd" command retrieved a fewer number of lines than before. This default
behavior can be changed with the "nss_paged_results" option, which, in
these updated packages, is now set by default to "no", so that "getent
passwd" is able to retrieve up to 40447 lines instead of 1041. (BZ#486321)
- running the command "id [ldap_username]" when the "nss_connect_policy"
directive in the /etc/ldap.conf configuration file was set to "oneshot"
caused the "id" command to fail and the nscd daemon to crash due to an
assertion failure. With these updated packages, calling "id [user_name]"
when "nss_connect_policy" is set to "oneshot" works as expected and no
longer triggers the failed assertion. (BZ#488857)
All users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 428837 - leaking file descriptors
- BZ - 486321 - nss_ldap compiled with --enable-paged-results breaks 'getent passwd'
- BZ - 488857 - nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void *)0)' failed.'
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
x86_64 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
nss_ldap-253-21.el5.x86_64.rpm | SHA-256: a3d284c1b5af8e0713b245bf94d339e870f73bf57f2d1c80ab3ee2407e4f18e8 |
ia64 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
nss_ldap-253-21.el5.ia64.rpm | SHA-256: 6747ff4aa1d4e26abc4e28f604e84c929845943280bca6e2b65971964464c934 |
i386 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
x86_64 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
nss_ldap-253-21.el5.x86_64.rpm | SHA-256: a3d284c1b5af8e0713b245bf94d339e870f73bf57f2d1c80ab3ee2407e4f18e8 |
i386 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
x86_64 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
nss_ldap-253-21.el5.x86_64.rpm | SHA-256: a3d284c1b5af8e0713b245bf94d339e870f73bf57f2d1c80ab3ee2407e4f18e8 |
i386 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
s390x | |
nss_ldap-253-21.el5.s390.rpm | SHA-256: c500ebd7c054b4443b42b92d84a4457435fd439bcda73626281007130489b5dd |
nss_ldap-253-21.el5.s390x.rpm | SHA-256: b9368a1b83e0a7d8015302ed8c176b43bbaa43cd9dee3a50ed80bbc56508ff09 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
ppc | |
nss_ldap-253-21.el5.ppc.rpm | SHA-256: b375ef29b1f275a4fe16a1b4e1f7e8f413b040f64408233362d05c7115d4de4d |
nss_ldap-253-21.el5.ppc64.rpm | SHA-256: 586048f052c6149a0ba623897b79cf71db8af842080602d43c9e6f492f6d6af6 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
nss_ldap-253-21.el5.src.rpm | SHA-256: b906720311585fa0d351beab1ae43aa7626e0f07a0ff391f7aa2b4db63f9dcf3 |
x86_64 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
nss_ldap-253-21.el5.x86_64.rpm | SHA-256: a3d284c1b5af8e0713b245bf94d339e870f73bf57f2d1c80ab3ee2407e4f18e8 |
i386 | |
nss_ldap-253-21.el5.i386.rpm | SHA-256: 8b58ed44d9589dfb6c8fe0d4f6f1e72d4fac22a3c727a2d5ffd11c8f1abdb8cb |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.