- Issued:
- 2011-07-21
- Updated:
- 2011-07-21
RHBA-2011:1030 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated nss_ldap package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.
Description
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap
module allows applications to retrieve information about users and groups from a
directory server. The pam_ldap module allows a directory server to be used by
PAM-aware applications to verify user passwords.
This update fixes the following bugs:
- Prior to this update, using the getent utility to retrieve information about a
group with a large number of users could take a very long time. This update
applies a backported patch that addresses this issue and significantly improves
the performance. (BZ#646329)
- When the "netgroup" entry in the /etc/nsswitch.conf configuration file is set
to "ldap files" and the connection to an LDAP server cannot be established, the
system is supposed to search local files for netgroups instead. Previously,
querying such a system for netgroups could incorrectly produce an empty list.
This update corrects this error, and when the "netgroup" entry is set to "ldap
files" and the LDAP server is unavailable, local files are now searched as
expected. (BZ#664609)
- When a system is configured to use LDAP accounts and a password expires, the
relevant user is prompted to change it upon the next login. Previously, the
pam_ldap module incorrectly allowed users to re-use their old passwords. With
this update, this error no longer occurs, and users are no longer allowed to
enter the same password when prompted to change it. (BZ#667758)
- Due to a possible assertion failure in the nss_ldap module, the previous
version of the nss_ldap package may have caused various applications that rely
on the libldap library to terminate unexpectedly. With this update, a patch has
been applied to prevent this assertion failure, resolving this issue.
(BZ#688601)
All users of nss_ldap are advised to upgrade to this updated package, which
fixes these bugs.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 646329 - taking a long time to get a result of getent group when the group has a large number of users
- BZ - 664609 - local files not searched for netgroups if ldap server is unavailable
- BZ - 667758 - pam_ldap, running as root, does not authenticate a user on password expiration
- BZ - 683349 - Need a rebuild with new openssl
- BZ - 684889 - Using 'getgrent_r' call yields "ldap_result: Assertion `ld != ((void *)0)' failed."
- BZ - 688601 - nss_ldap bug causes libldap crashes
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
x86_64 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
nss_ldap-253-42.el5.x86_64.rpm | SHA-256: e83ab6a4355ad6e501745cf03763906481bafd4dd679afae2d7f10f53fb5e6ee |
ia64 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
nss_ldap-253-42.el5.ia64.rpm | SHA-256: cf6a6d84cd0efe649917d28639d2c267e88011be62c258a8fef38891e8168a56 |
i386 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
x86_64 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
nss_ldap-253-42.el5.x86_64.rpm | SHA-256: e83ab6a4355ad6e501745cf03763906481bafd4dd679afae2d7f10f53fb5e6ee |
i386 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
x86_64 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
nss_ldap-253-42.el5.x86_64.rpm | SHA-256: e83ab6a4355ad6e501745cf03763906481bafd4dd679afae2d7f10f53fb5e6ee |
i386 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
s390x | |
nss_ldap-253-42.el5.s390.rpm | SHA-256: 1707de598e50a4d8e4788abe8a1b7ecd9bb9f9de5d9efc004cce4a093ce8b97c |
nss_ldap-253-42.el5.s390x.rpm | SHA-256: 298a54d6c4d0f4cbba707f5d156b54e5eef2e64bf96f70cf66da15fd5c430333 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
ppc | |
nss_ldap-253-42.el5.ppc.rpm | SHA-256: 453886b01e82366158c2e835746c6021d8d0d5fdac8fe603a038b55db998abc7 |
nss_ldap-253-42.el5.ppc64.rpm | SHA-256: f9c2669b9a4382697a6606fa0dfec085cf1f3106dbf799663ba6f69e3e611e20 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
nss_ldap-253-42.el5.src.rpm | SHA-256: 0b260c798faa3d40e10718e39d9576349acb0b308844a452d3504c61737a33b1 |
x86_64 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
nss_ldap-253-42.el5.x86_64.rpm | SHA-256: e83ab6a4355ad6e501745cf03763906481bafd4dd679afae2d7f10f53fb5e6ee |
i386 | |
nss_ldap-253-42.el5.i386.rpm | SHA-256: 9f21a108f5e55627cda1b2cfedc4728b8471f243172658c20666bacd1079937d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.