- Issued:
- 2010-12-16
- Updated:
- 2010-12-16
RHBA-2010:0992 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated nss_ldap package that fixes various bugs is now available for Red Hat
Enterprise Linux 5.
Description
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap
module is a plug-in which allows applications to retrieve information about
users and groups from a directory server. The pam_ldap module allows a directory
server to be used by PAM-aware applications to verify user passwords.
This update fixes the following bugs:
- When using pluggable authentication modules (PAM), selected modules can be
loaded and unloaded upon each authentication attempt. However, unloading the
pam_ldap module could cause the memory that is allocated by libraries on which
it depends to be lost. Consequent to this, multiple authentication attempts may
have led to a significant memory loss. To prevent this, the pam_ldap module is
no longer unloaded. (BZ#660236)
- When an LDAP context has been established, obtaining the list of groups a user
belongs to could result in a memory leak. With this update, a patch has been
applied to address this issue, and such memory leaks no longer occur.
(BZ#660456)
- Under certain circumstances, the nss_ldap module may have been unable to
correctly process LDAP entries with a large number of group members. This was
due to an error number being accidentally overwritten before the control was
returned to the caller. When this happened, various utilities failed to produce
expected results. With this update, this error has been fixed, the error number
is no longer overwritten, and affected utilities now work properly. (BZ#662939)
All users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 660236 - memory leak in pam_ldap
- BZ - 660456 - Memory leak in nss_ldap
- BZ - 662939 - id returns failure when nss_ldap uses TLS and oneshot nss_connect_policy
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
x86_64 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
nss_ldap-253-25.el5_5.3.x86_64.rpm | SHA-256: 94d86a7638710be6901a1d077563386ffe3ee8f3d6183146c13f5e6df55505db |
ia64 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
nss_ldap-253-25.el5_5.3.ia64.rpm | SHA-256: 9de8adfec423899cf8e1a24ff17e2c2ae594091a1360a6347a591711c5bb0c34 |
i386 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
x86_64 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
nss_ldap-253-25.el5_5.3.x86_64.rpm | SHA-256: 94d86a7638710be6901a1d077563386ffe3ee8f3d6183146c13f5e6df55505db |
i386 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
x86_64 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
nss_ldap-253-25.el5_5.3.x86_64.rpm | SHA-256: 94d86a7638710be6901a1d077563386ffe3ee8f3d6183146c13f5e6df55505db |
i386 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
s390x | |
nss_ldap-253-25.el5_5.3.s390.rpm | SHA-256: 13653d08fefa5e904391f72f859aaabba6e4f4e07c219ae9ac6e50d2bd017649 |
nss_ldap-253-25.el5_5.3.s390x.rpm | SHA-256: a13e7fac8a683259128a932a78106f06bff5da8f0214109b60a239648237f02d |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
ppc | |
nss_ldap-253-25.el5_5.3.ppc.rpm | SHA-256: a05eac2b205aa15db79ae2946846ad4185e7fb5f9302d0a425af3037016af89f |
nss_ldap-253-25.el5_5.3.ppc64.rpm | SHA-256: 1ce917e6429381589f2946394c13256be8aa7735713cfeda644c6b2eab222e15 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
nss_ldap-253-25.el5_5.3.src.rpm | SHA-256: f829b7e1ee1f4bf7d51c6c5adde72735213a364b340d3887d0cd7706e1aa3fd0 |
x86_64 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
nss_ldap-253-25.el5_5.3.x86_64.rpm | SHA-256: 94d86a7638710be6901a1d077563386ffe3ee8f3d6183146c13f5e6df55505db |
i386 | |
nss_ldap-253-25.el5_5.3.i386.rpm | SHA-256: 53d3fe72f4e2925458f54b107d3875516a9ff0a994a5b14473a211f19cb5979a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.