
Bug Fix Advisory mod_authz_ldap bug fix update

Advisory: RHBA-2012:1389-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-10-18
Last updated on: 2013-02-20
Affected Products: Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated mod_authz_ldap packages that fix three bugs are now available for Red
Hat Enterprise Linux 6.

The mod_authz_ldap packages provide a module for the Apache HTTP Server to
authenticate users against an LDAP database.

This update fixes the following bugs:

* Prior to this update, the License field of the mod_authz_ldap packages
contained an incorrect tag. This update modifies the license text. Now, the
license tag correctly reads "ASL1.0". (BZ#607797)

* Prior to this update, the mod_authz_ldap module could leak memory. As a
consequence, the memory consumption of the httpd process could increase as more
requests were processed. This update modifies the underlying code to handle
LDAP correctly. Now, the memory consumption is at expected levels. (BZ#643691)

* Prior to this update, when an LDAP bind password was configured and a
connection error occurred, the password was logged in plain text to the error
log. This update modifies the underlying code to prevent passwords from being
logged in error conditions. (BZ#782442)

All users of mod_authz_ldap are advised to upgrade to this updated package,
which fixes these bugs.
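
For the password-logging bug (BZ#782442), the update stops new leaks but does not alter error logs that were already written, so existing logs are worth checking and the bind password rotated if it appears in them. The script below is an added example, not part of the advisory or of Red Hat's tooling; it takes the httpd configuration file and the log files as arguments, and the password and log lines inside `demo` are constructed sample data.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): find httpd logs that contain the
# configured AuthzLDAPBindPassword value, without ever printing the value.

# Print the value of the last uncommented AuthzLDAPBindPassword directive.
bind_password() {
    awk 'tolower($1) == "authzldapbindpassword" && NF > 1 {
             sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t\r]+$/, "")
             gsub(/^"|"$/, ""); pw = $0 }
         END { if (pw != "") print pw }' "$1"
}

# Print how many lines of log file $2 contain the password from config $1.
# The match is a literal substring test, so the log message format does not
# matter; the password travels via the environment, not the argument list.
leak_count() {
    pw=$(bind_password "$1")
    [ -n "$pw" ] || { echo 0; return 0; }
    PW=$pw awk 'index($0, ENVIRON["PW"]) { n++ } END { print n + 0 }' "$2"
}

# Report every readable log in "$2".. that contains the password of config $1.
# Exit status: 0 = no leak found, 1 = at least one log needs attention.
audit_logs() {
    conf=$1; shift; status=0
    for log in "$@"; do
        [ -r "$log" ] || continue
        n=$(leak_count "$conf" "$log")
        if [ "$n" -gt 0 ]; then
            echo "$log: $n line(s) contain the bind password"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample data: the directive name is from the advisory, the
# password and the log lines are invented for this demonstration.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# AuthzLDAPBindPassword old-value' \
        'AuthzLDAPBindPassword "Constructed-Pw-1"' > "$dir/authz_ldap.conf"
    printf '%s\n' '[error] constructed line: bind failed (Constructed-Pw-1)' \
        '[notice] constructed line: unrelated' > "$dir/error_log"
    audit_logs "$dir/authz_ldap.conf" "$dir/error_log" || true
    rm -rf "$dir"
}

if [ "$#" -gt 0 ]; then audit_logs "$@"; else demo; fi
```

Run with no arguments it executes the constructed demo; given a configuration file followed by log files, it audits those instead. Compressed rotated logs are not handled and must be decompressed first.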


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
mod_authz_ldap-0.26-16.el6.src.rpm

IA-32:
mod_authz_ldap-0.26-16.el6.i686.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.i686.rpm

PPC:
mod_authz_ldap-0.26-16.el6.ppc64.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.ppc64.rpm

s390x:
mod_authz_ldap-0.26-16.el6.s390x.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.s390x.rpm

x86_64:
mod_authz_ldap-0.26-16.el6.x86_64.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
mod_authz_ldap-0.26-16.el6.src.rpm

IA-32:
mod_authz_ldap-0.26-16.el6.i686.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.i686.rpm

x86_64:
mod_authz_ldap-0.26-16.el6.x86_64.rpm
mod_authz_ldap-debuginfo-0.26-16.el6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

782442 - mod_authz_ldap logs the plain text password from AuthzLDAPBindPassword in Apache's log files when it is invalid.



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/