- Issued:
- 2011-02-16
- Updated:
- 2011-02-16
RHBA-2011:0239 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An updated nss_ldap package that fixes various bugs is now available.
Description
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap
module is a plug-in which allows applications to retrieve information about
users and groups from a directory server. The pam_ldap module allows a directory
server to be used by PAM-aware applications to verify user passwords.
This updated nss_ldap package includes fixes for the following bugs:
- When the "gethostbyname2()" function requested an Internet Protocol version 6
(IPv6) address, the returned address was presented as the Internet Protocol
version 4 (IPv4) address. With this update, nss_ldap correctly fails to return
an IPv6 address. (BZ#205243)
- If hostname resolution was configured to use 'ldap' only, it was impossible to
resolve a hostname of the target Lightweight Directory Access Protocol (LDAP)
server to its address without contacting it. This caused a recursion in the
underlying nss_ldap module until a segmentation fault occurred and the calling
application crashed. The updated nss_ldap package ensures that no segmentation
fault occurs. (BZ#448884)
- The nss_ldap module is built with a static copy of the libldap library.
Applications which called the getpwuid() or getpwuid_r() functions could have
triggered an assertion failure in libldap, thus causing the nss_ldap module to
terminate abnormally. This fix updates the static copy of libldap built into
nss_ldap, and potential assertion failures are no longer triggered. (BZ#525576)
- If the nss_initgroups_ignoreusers option in the nss_ldap configuration file
exceeded the allowed length, errors while parsing the configuration file could
have occurred. This could have resulted in an "Assertion failed" error when
executing any nss_ldap-related commands. With this update, the length of the
'nss_initgroups_ignoreusers' option is not restricted. (BZ#557927)
- Under certain circumstances, nss_ldap may have leaked file descriptors. As a
result, the number of open sockets could have reached the maximum limit of 1024.
With this update, this error is fixed and nss_ldap no longer causes applications
to leak file descriptors. (BZ#563362)
- Previously, enabling the "nss_connect_policy oneshot" option in the
/etc/ldap.conf configuration file may have caused an application crash.
With this update, enabling "nss_connect_policy oneshot" works as expected.
(BZ#566632)
- In certain cases, nss_ldap failed to get a response from the Lightweight
Directory Access Protocol (LDAP) server and the client became temporarily unable
to query the server. With this update the issue is fixed and the server responds
as expected. (BZ#574306)
- The "endpwent" function called ldap query with the NULL handle and the parent
process crashed. With this update, the handle is used only if it is valid.
(BZ#604945)
- The nss_ldap module could have failed to return a result if an entry was too
large. With this update, the ERANGE error is returned as expected. (BZ#613555)
- The shell wrote to a socket that was not connected to an LDAP server. This
resulted in an EPIPE error and no shell commands were resolved when logged in as
an LDAP user. The SIGPIPE signal is now unblocked when the connection in a child
element is closed and shell commands work as expected. (BZ#621586)
All users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 205243 - gethostbyname2 queried with AF_INET6 (IPv6) return ok with IPv4 address
- BZ - 448884 - getent -s 'ldap' passwd -- Segmentation fault
- BZ - 525576 - Rebuild nss_ldap with latest openldap
- BZ - 563362 - nscd with nss_ldap leaks file descriptors
- BZ - 566632 - nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void *)0)' failed.'
- BZ - 574306 - nss_ldap client does not seem to get a response from ldap server
- BZ - 604945 - sendmail local delivery assertion failure when using MatchGECOS=True and nss lookups on ldap
- BZ - 613555 - id returns failure when nss_ldap uses TLS and oneshot nss_connect_policy
- BZ - 621586 - nss_ldap EPIPE when forking process
- BZ - 651364 - gethostbyname2 returns 0.0.0.0 IPv4 address for hosts from LDAP on s390x
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
SRPM | |
---|---|
nss_ldap-253-16.el4.src.rpm | SHA-256: 7ddefc2f12a18ca77ad8162caf03f4f7cbbb0e04d51f70c05eba73a1f389146b |
x86_64 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.x86_64.rpm | SHA-256: 773cac1d85a57294a21242bb76c0b752a1cd022962a05b1f1d67cd95c726194d |
nss_ldap-253-16.el4.x86_64.rpm | SHA-256: 773cac1d85a57294a21242bb76c0b752a1cd022962a05b1f1d67cd95c726194d |
ia64 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.ia64.rpm | SHA-256: b5f429ed8ffe21fb20bc884b37c77d3f421ff334f204f6f52ef80119a42352b7 |
nss_ldap-253-16.el4.ia64.rpm | SHA-256: b5f429ed8ffe21fb20bc884b37c77d3f421ff334f204f6f52ef80119a42352b7 |
i386 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
Red Hat Enterprise Linux Workstation 4
SRPM | |
---|---|
nss_ldap-253-16.el4.src.rpm | SHA-256: 7ddefc2f12a18ca77ad8162caf03f4f7cbbb0e04d51f70c05eba73a1f389146b |
x86_64 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.x86_64.rpm | SHA-256: 773cac1d85a57294a21242bb76c0b752a1cd022962a05b1f1d67cd95c726194d |
ia64 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.ia64.rpm | SHA-256: b5f429ed8ffe21fb20bc884b37c77d3f421ff334f204f6f52ef80119a42352b7 |
i386 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
Red Hat Enterprise Linux Desktop 4
SRPM | |
---|---|
nss_ldap-253-16.el4.src.rpm | SHA-256: 7ddefc2f12a18ca77ad8162caf03f4f7cbbb0e04d51f70c05eba73a1f389146b |
x86_64 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
nss_ldap-253-16.el4.x86_64.rpm | SHA-256: 773cac1d85a57294a21242bb76c0b752a1cd022962a05b1f1d67cd95c726194d |
i386 | |
nss_ldap-253-16.el4.i386.rpm | SHA-256: 45ad02b2c46b035763808ab3b21866a8decf30a301b8b507f6204aa55925b5e1 |
Red Hat Enterprise Linux for IBM z Systems 4
SRPM | |
---|---|
nss_ldap-253-16.el4.src.rpm | SHA-256: 7ddefc2f12a18ca77ad8162caf03f4f7cbbb0e04d51f70c05eba73a1f389146b |
s390x | |
nss_ldap-253-16.el4.s390.rpm | SHA-256: 414f77f044ffd2aec8283e455fa7c863d12b628b79e991e103b4b7b32084c65d |
nss_ldap-253-16.el4.s390x.rpm | SHA-256: ff5f7bce61c4cd3dfb921019aeaa1e50f855290398424ceebd92c15ef112b49a |
s390 | |
nss_ldap-253-16.el4.s390.rpm | SHA-256: 414f77f044ffd2aec8283e455fa7c863d12b628b79e991e103b4b7b32084c65d |
Red Hat Enterprise Linux for Power, big endian 4
SRPM | |
---|---|
nss_ldap-253-16.el4.src.rpm | SHA-256: 7ddefc2f12a18ca77ad8162caf03f4f7cbbb0e04d51f70c05eba73a1f389146b |
ppc | |
nss_ldap-253-16.el4.ppc.rpm | SHA-256: 8f4353b073c57a0539f2be52916685b19511afc16364fae577bbb83ee1b2b983 |
nss_ldap-253-16.el4.ppc64.rpm | SHA-256: bdcbf5cccf963f4d1ca7ede88286821cae2c47fe1bbd9869556d8a44145a8bac |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.