- Issued: 2010-03-30
- Updated: 2010-03-30
RHBA-2010:0260 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated nss_ldap package that fixes various bugs is now available.
Description
The nss_ldap package includes two LDAP access clients: nss_ldap and
pam_ldap. nss_ldap is a plug-in for the standard C library which allows
applications to look up information about users and groups using a
directory server. The pam_ldap module is a Pluggable Authentication Module
(PAM) which provides for authentication, authorization and password
changing against LDAP servers.
This package addresses the following bugs:
- The nss_ldap package did not support case-sensitive text. This could
cause group membership not to be matched to the users. To correct this,
name resolution for user, group, and shadow information can now be forced
to be performed in a case-sensitive manner by setting "nss_check_case yes"
in /etc/ldap.conf. The default setting remains "nss_check_case no". This
fix results in group membership being matched to the correct users.
(BZ#518911)
- When running commands, the nss_ldap library would sometimes produce
assertion errors, leading to application failure. To fix this bug, the
nss_ldap package has been modified to allow bind_timeout in
/etc/ldap.conf to be set to a low value (for example, 2). If the bind
times out, it now performs a debug request instead of producing
assertion errors. (BZ#499302)
- By setting the value 'bind_policy soft' in the /etc/ldap.conf file and
configuring hostname resolution to only use 'ldap', it becomes impossible
to resolve any information about the server without first contacting it.
This meant that when using the command getent -s 'ldap' passwd, a
segmentation fault would occur. This updated nss_ldap package ensures that
no segmentation fault occurs; however, the correct way to access the server
information in the outlined case is to use the command getent -s
'passwd:ldap' passwd. (BZ#448883)
- When LDAP was listed before DNS in the nsswitch.conf file and the
hostname was not in the /etc/hosts file, the nss_ldap package caused
segmentation faults. Segmentation faults occurred with nscd, getent and any
process that used the library when communicating with the secondary
OpenLDAP servers. This package update ensures that nss_ldap does not
produce any segmentation faults when interacting with OpenLDAP servers.
(BZ#472920)
- The nss_ldap package would write to a socket that was not connected to an
LDAP server. This resulted in an EPIPE error being returned and all shell
commands ceasing to work when logged in as an LDAP user. To fix this bug,
SIGPIPE is now unblocked when closing the connection in the child
element. This allows shell commands to continue to function.
(BZ#454315)
All nss_ldap users are advised to upgrade to this updated package, which
resolves these issues.
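As an added example (not part of the Red Hat advisory), the following shell script reports the /etc/ldap.conf options named above and checks whether the hosts line of nsswitch.conf lists ldap ahead of dns. The function names, the parsing rules noted in the comments and the sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example: report the ldap.conf / nsswitch.conf settings this advisory names.

# Print the value of KEY in an ldap.conf-style file ("key value" lines, '#' comments).
# Assumption of this script: keys match case-insensitively, last occurrence wins.
ldap_conf_get() {  # usage: ldap_conf_get FILE KEY [DEFAULT]
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { val = $2; found = 1 }
        END { print (found ? val : def) }' "$1"
}

# Succeed if the "hosts:" line lists ldap ahead of dns (the ordering in BZ#472920).
hosts_ldap_before_dns() {  # usage: hosts_ldap_before_dns FILE
    awk '$1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break            # trailing comment ends the line
                if ($i == "ldap" && !l) l = i
                if ($i == "dns" && !d) d = i
            }
         }
         END { exit !(l && d && l < d) }' "$1"
}

audit() {  # usage: audit LDAP_CONF NSSWITCH_CONF
    echo "nss_check_case=$(ldap_conf_get "$1" nss_check_case no)"  # "no" is the stated default
    echo "bind_timeout=$(ldap_conf_get "$1" bind_timeout unset)"
    echo "bind_policy=$(ldap_conf_get "$1" bind_policy unset)"
    if hosts_ldap_before_dns "$2"; then
        echo "hosts: ldap precedes dns (configuration described in BZ#472920)"
    else
        echo "hosts: ldap does not precede dns"
    fi
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ldap.conf" <<'EOF'
nss_check_case yes
bind_timeout 2
bind_policy soft
EOF
cat > "$tmp/nsswitch.conf" <<'EOF'
passwd: files ldap
hosts:  files ldap dns
EOF
audit "$tmp/ldap.conf" "$tmp/nsswitch.conf"
```

On a real system, call `audit /etc/ldap.conf /etc/nsswitch.conf` instead of the sample paths.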
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 448883 - getent -s 'ldap' passwd -- Segmentation fault
- BZ - 454315 - nss_ldap EPIPE when forking process
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
x86_64 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
nss_ldap-253-25.el5.x86_64.rpm | SHA-256: c6bfb7a182a00ef74e17f878809be1a1ca74bf5503b036d39348a5082d8f649a |
ia64 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
nss_ldap-253-25.el5.ia64.rpm | SHA-256: cd398e12ce4b1fd87cbb16b84a5c862c9b933b295eb5b6cc9b84fb521269d44b |
i386 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
x86_64 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
nss_ldap-253-25.el5.x86_64.rpm | SHA-256: c6bfb7a182a00ef74e17f878809be1a1ca74bf5503b036d39348a5082d8f649a |
i386 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
x86_64 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
nss_ldap-253-25.el5.x86_64.rpm | SHA-256: c6bfb7a182a00ef74e17f878809be1a1ca74bf5503b036d39348a5082d8f649a |
i386 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
s390x | |
nss_ldap-253-25.el5.s390.rpm | SHA-256: 7b78b02de67264cccbb37b6ff0556e76f8543baea02de81c33a020a6adc70cf1 |
nss_ldap-253-25.el5.s390x.rpm | SHA-256: 6c9c50ed3c1b7b5b1b469295fb6686069f9152191fc8b00bfe51b96d78880a84 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
ppc | |
nss_ldap-253-25.el5.ppc.rpm | SHA-256: dab8945cd72e567a49f2199717b49600750d7944f28c9c17b4cc27017912f7ba |
nss_ldap-253-25.el5.ppc64.rpm | SHA-256: 573b3bd3bfdec807e833c7147c6f475f5bfd1ba663df6fd4d57f787896c9a0da |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
nss_ldap-253-25.el5.src.rpm | SHA-256: bb771998af82be9f5a915af1fabcc7b070fa437a33ba9d7d4f61cc2aeccce9ff |
x86_64 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
nss_ldap-253-25.el5.x86_64.rpm | SHA-256: c6bfb7a182a00ef74e17f878809be1a1ca74bf5503b036d39348a5082d8f649a |
i386 | |
nss_ldap-253-25.el5.i386.rpm | SHA-256: e055284cbc22e44a6498d4e96877d1c6b5ff4bd65a55572428f0f8abf004709e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.