Skip to navigation

Bug Fix Advisory ypserv bug fix and enhancement update

Advisory: RHBA-2012:0205-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-02-20
Last updated on: 2012-02-20
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)

Details

An updated ypserv package that fixes various bugs and adds one enhancement is
now available for Red Hat Enterprise Linux 5.

The ypserv utility provides network information (login names, passwords, home
directories, group information) to all of the machines on a network. It can
enable users to log in on any machine on the network as long as the machine has
the Network Information Service (NIS) client programs running and the user's
password is recorded in the NIS passwd database. NIS was formerly known as Sun
Yellow Pages (YP).

This update fixes the following bugs:

* Previously, the rpc.yppasswdd daemon reported success even if the daemon was
not able to write into a shadow file (for example, because of the incorrect
SELinux context). With this update, an error is logged in syslog, and
rpc.yppasswdd now reports failure in the described scenario. (BZ#747317)

* Due to the invalid ypdb_close() call, ypserv's virtual memory could in rare
cases grow to a large size. As a consequence, ypserv failed to respond to
Network Information Service (NIS) queries and had to be restarted. This update
removes the invalid ypdb_close() call so that the amount of memory used remains
at a reasonable size. (BZ#403621)

* Previously, when the user updated the ypserv package, the file
/var/yp/Makefile was replaced, and any changes that the user had made in this
file were overwritten. The file is now regarded as a config file, and is no
longer replaced so that user's changes are preserved. (BZ#481780)

* Due to a string concatenation error in the code, running the "yppasswdd"
command with the "-x" option in order to pass data to an external program to
update the source files and maps, could have caused garbage characters to be
inserted in front of the username. This caused the output to become unparseable.
With this update, the operation is changed to a string-copy, so that the
username is no longer corrupted when using the "-x" option. (BZ#681699)

* Previously, error messages of the rpc.yppasswdd utility were unclear when
running the "yppasswdd" command with the "-x" option in order to pass data to an
external program. This update adds quotation marks to error messages so that
they can be easily read. (BZ#695754)

* Previously, there was no reference to the YPSERV_ARGS and YPXFRD variables in
the sysconfig.txt file, neither in the ypserv manual pages. This update adds the
YPSERV_ARGS and YPXFRD usage information to the ypserv manual pages. (BZ#699662)

* Prior to this update, the ypserv package did not contain a file describing
what license the software used. This update adds the COPYING file which contains
the license information. (BZ#707195)

* Previously, the yppush(8) manual page did not describe how to force the yppush
utility to use a static port. The yppush(8) manual page has been modified to
mention that the static port number can be set in /var/yp/Makefile. (BZ#712239)

* Prior to this update, the root user could see old passwords of other users.
This was caused by a change request being logged using syslog when running the
"yppaswdd" command with the "-x" option to pass data to an external program.
With this update, the old password hash and the new password hash are cleared in
syslog and the root user can no longer view the old passwords of other users.
(BZ#743587)

This update also adds the following enhancements:

* Prior to this update, users were not able to change their passwords by running
the "yppasswd" command if using the passwd.adjunct file, which prevents
disclosing the encrypted passwords. With this update, users are now able to
change their passwords. (BZ#679848)

All users of ypserv are advised to upgrade to this updated package, which fixes
these bugs and provides this enhancement.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
ypserv-2.19-9.el5.src.rpm
File outdated by:  RHBA-2013:0660
    MD5: cf7dcb356b2d3aaea71d96db0c5c38a7
SHA-256: dc106728e801c45f26a012721ed8efbf34356c71d5623707e1e1d95161b903a8
 
IA-32:
ypserv-2.19-9.el5.i386.rpm
File outdated by:  RHBA-2013:0660
    MD5: 721361a624ed8e3978740141c75a2dfd
SHA-256: 44fe32bb0ab86a5dfbf28476eb4da199d0222c4eb1823e3754b87ca32c31f812
 
x86_64:
ypserv-2.19-9.el5.x86_64.rpm
File outdated by:  RHBA-2013:0660
    MD5: d4726446c5649067530652282c9bc8ab
SHA-256: 69b8a079c0309928960ba6dab7ef614259f3634688e215bff02f8ea658c9a8bf
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
ypserv-2.19-9.el5.src.rpm
File outdated by:  RHBA-2013:0660
    MD5: cf7dcb356b2d3aaea71d96db0c5c38a7
SHA-256: dc106728e801c45f26a012721ed8efbf34356c71d5623707e1e1d95161b903a8
 
IA-32:
ypserv-2.19-9.el5.i386.rpm
File outdated by:  RHBA-2013:0660
    MD5: 721361a624ed8e3978740141c75a2dfd
SHA-256: 44fe32bb0ab86a5dfbf28476eb4da199d0222c4eb1823e3754b87ca32c31f812
 
IA-64:
ypserv-2.19-9.el5.ia64.rpm
File outdated by:  RHBA-2013:0660
    MD5: f19a2b191085558af77f80588fb2e6b7
SHA-256: a51ef11eff94ce7b2e3b1ae187e9ae0334291b4734331a3e3af0f1979a42d52e
 
PPC:
ypserv-2.19-9.el5.ppc.rpm
File outdated by:  RHBA-2013:0660
    MD5: 3f3db231dac4435752ece46ddede4a13
SHA-256: c7678412a086337f2f82890af9c31f2cb330598bf415457bab9560018c0d0dc3
 
s390x:
ypserv-2.19-9.el5.s390x.rpm
File outdated by:  RHBA-2013:0660
    MD5: 723540e779dee28aa24d4af1e23ba3d6
SHA-256: b011e9495d654dbf1b93399bec9017571edfeb546876936553cd52fcb70f3eec
 
x86_64:
ypserv-2.19-9.el5.x86_64.rpm
File outdated by:  RHBA-2013:0660
    MD5: d4726446c5649067530652282c9bc8ab
SHA-256: 69b8a079c0309928960ba6dab7ef614259f3634688e215bff02f8ea658c9a8bf
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

403621 - ypserv excessive vsize
481780 - ypserv replaces /var/yp/Makefile
681699 - yppasswdd -x has garbage prefixed to username
695754 - rpc.yppasswd returns epmty string instead of error messages
699662 - There is no references for some variables in documentation sysconfig.txt
707195 - Missing file COPYING in the ypserv package
712239 - Timeout with yppush and iptables enabled pushing maps to NIS slave server
747317 - yppasswdd returns success when /etc/passwd.adjunct is not writable


Keywords

ypserv


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/