Skip to navigation

Bug Fix Advisory nss_ldap bug fix update

Advisory: RHBA-2013:0085-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-01-07
Last updated on: 2013-01-07
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated nss_ldap packages that fix multiple bugs are now available for Red Hat
Enterprise Linux 5.

The nss_ldap packages contain the nss_ldap and pam_ldap modules. The nss_ldap
module is a name service switch module which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap module
allows a directory server to be used by PAM-aware applications to verify user
passwords.

This update fixes the following bugs:

* When parsing an ldap.conf file that contained a host and a port definition,
the nss_ldap "do_add_hosts()" function always created a URI starting with
"ldap://" regardless of SSL being enabled. Consequently, when the response
included an "ldaps://..." referral to the same server and port, the libldap
library considered this to be a different scheme ("ldaps" vs. the initial
"ldap") and opened new connections for each referral lookup instead of reusing
the existing persistent connection. The code has been improved and now when the
SSL option is enabled the initial URI will be in the format "ldaps://...". As a
result, nss_ldap now correctly uses the LDAPS scheme with SSL connections.
(BZ#761281)

* Due to a regression in the configuration parser, the "do_readline()" function
did not return the correct exit code when the last line of "/etc/ldap.secret"
did not contain a newline. Consequently, the nss_ldap module failed to bind to
the LDAP server. With this update the parser now returns the correct exit code
when parsing /etc/ldap.secret and nss_ldap works as expected in the scenario
described. (BZ#797410)

* The nss_ldap module used to leak memory when an entry that did not exist on
the remote server was requested. The memory leak has been fixed by freeing an
internal search structure even in cases where the search does not finish
successfully. (BZ#835555)

All users of nss_ldap are advised to upgrade to these updated packages, which
fix these bugs.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
nss_ldap-253-51.el5.src.rpm
File outdated by:  RHBA-2013:0251
    MD5: 5391ec9819d84e1a2d46a94793b0543c
SHA-256: eea8c41f587627fc2306ac8c3399618c271a33f17e95c68af1dfc906888e503f
 
IA-32:
nss_ldap-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: b390bab48412fced85c96bea3947ea5a
SHA-256: e13f17902ae79c8bf6d9b469b9837163ca961fa690bbe3d8ce6c963e6b395c5e
nss_ldap-debuginfo-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: fb2297dbafc84f800c91a47a817c36bf
SHA-256: 7fd95d4a4acc5704e5f9213cd1e3137d2a5bb9a8935794a868ea2e83631e2125
 
IA-64:
nss_ldap-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: b390bab48412fced85c96bea3947ea5a
SHA-256: e13f17902ae79c8bf6d9b469b9837163ca961fa690bbe3d8ce6c963e6b395c5e
nss_ldap-253-51.el5.ia64.rpm
File outdated by:  RHBA-2013:0251
    MD5: f6cec22367e58285278dd99a303c0df0
SHA-256: 6db1c9cfc31297a6db7c0d4714bc8b3bc40e1e39091edd44c51d378e9aca60a6
nss_ldap-debuginfo-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: fb2297dbafc84f800c91a47a817c36bf
SHA-256: 7fd95d4a4acc5704e5f9213cd1e3137d2a5bb9a8935794a868ea2e83631e2125
nss_ldap-debuginfo-253-51.el5.ia64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 399cbc14371942ed80979e1078a3f8b2
SHA-256: 68945c01be2ec15a30559cd8073e38929af8861c5b9b6c352d9410671d647402
 
PPC:
nss_ldap-253-51.el5.ppc.rpm
File outdated by:  RHBA-2013:0251
    MD5: fe51f7e7f7c514be4d463bee75d6d47e
SHA-256: 684a1fe4d0b24d538f4bf02778df5e3bb38fdc3ed138159313d1757309bc7d1e
nss_ldap-253-51.el5.ppc64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 8ecc8add5ad347f415dc16cf282f18bd
SHA-256: fa7c0720dfb12eaeee78978179eb801f4199e91bbdd3f0fea413a986882b169a
nss_ldap-debuginfo-253-51.el5.ppc.rpm
File outdated by:  RHBA-2013:0251
    MD5: f8b53be529f5481f0c42d6c2903da6f9
SHA-256: 4fb41b94dc937a02ca0f12815a6ca918e0497ffc2ebc7c0a6bb005cf531de586
nss_ldap-debuginfo-253-51.el5.ppc64.rpm
File outdated by:  RHBA-2013:0251
    MD5: fc2cfe5957532b2ff97ffb9bf344211c
SHA-256: 0afbf4733e70bf44f56d592f6196245dfe53315dd3f195af68beb7521fc57c18
 
s390x:
nss_ldap-253-51.el5.s390.rpm
File outdated by:  RHBA-2013:0251
    MD5: e93fd5be45d5ed4392f5ede1acd85eb7
SHA-256: ea17e66c021feced3e24b79a63a7bc7ced4717f11385ea0e0f7e777f0daa2ae7
nss_ldap-253-51.el5.s390x.rpm
File outdated by:  RHBA-2013:0251
    MD5: 513c79356b692d6df6f60032cd8de6bc
SHA-256: 19a2f6e308980506e9f65264a812892cef541f0416655c70d0c5fe8581a8f9d1
nss_ldap-debuginfo-253-51.el5.s390.rpm
File outdated by:  RHBA-2013:0251
    MD5: fdc081740164cd2ebdac78332a9fb65c
SHA-256: ad70e4c14694223ccce332f39290d95102749d2014ee75b2638845efcb72a2c7
nss_ldap-debuginfo-253-51.el5.s390x.rpm
File outdated by:  RHBA-2013:0251
    MD5: be36b25a26ae0367eb21f40760546eb0
SHA-256: 8fcadcaaf43d6fd0ee61a1a789108a5ccc24ebff93157242cb80e825e71b0c57
 
x86_64:
nss_ldap-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: b390bab48412fced85c96bea3947ea5a
SHA-256: e13f17902ae79c8bf6d9b469b9837163ca961fa690bbe3d8ce6c963e6b395c5e
nss_ldap-253-51.el5.x86_64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 9cf319c3bb21a712abaee70574d2b251
SHA-256: 9685548b0085f560493398bf73c916eef5eb895930cc4dae454a3251a33bbd83
nss_ldap-debuginfo-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: fb2297dbafc84f800c91a47a817c36bf
SHA-256: 7fd95d4a4acc5704e5f9213cd1e3137d2a5bb9a8935794a868ea2e83631e2125
nss_ldap-debuginfo-253-51.el5.x86_64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 266a40f6b7e3e7118e9055fb10e54435
SHA-256: aad6a6ba64d05d484a3bd448c3efa117ee85f09b2d1f837191fd4d8b4d62af17
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
nss_ldap-253-51.el5.src.rpm
File outdated by:  RHBA-2013:0251
    MD5: 5391ec9819d84e1a2d46a94793b0543c
SHA-256: eea8c41f587627fc2306ac8c3399618c271a33f17e95c68af1dfc906888e503f
 
IA-32:
nss_ldap-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: b390bab48412fced85c96bea3947ea5a
SHA-256: e13f17902ae79c8bf6d9b469b9837163ca961fa690bbe3d8ce6c963e6b395c5e
nss_ldap-debuginfo-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: fb2297dbafc84f800c91a47a817c36bf
SHA-256: 7fd95d4a4acc5704e5f9213cd1e3137d2a5bb9a8935794a868ea2e83631e2125
 
x86_64:
nss_ldap-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: b390bab48412fced85c96bea3947ea5a
SHA-256: e13f17902ae79c8bf6d9b469b9837163ca961fa690bbe3d8ce6c963e6b395c5e
nss_ldap-253-51.el5.x86_64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 9cf319c3bb21a712abaee70574d2b251
SHA-256: 9685548b0085f560493398bf73c916eef5eb895930cc4dae454a3251a33bbd83
nss_ldap-debuginfo-253-51.el5.i386.rpm
File outdated by:  RHBA-2013:0251
    MD5: fb2297dbafc84f800c91a47a817c36bf
SHA-256: 7fd95d4a4acc5704e5f9213cd1e3137d2a5bb9a8935794a868ea2e83631e2125
nss_ldap-debuginfo-253-51.el5.x86_64.rpm
File outdated by:  RHBA-2013:0251
    MD5: 266a40f6b7e3e7118e9055fb10e54435
SHA-256: aad6a6ba64d05d484a3bd448c3efa117ee85f09b2d1f837191fd4d8b4d62af17
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

761281 - ldaps scheme should be used when ssl is enabled
797410 - nss_ldap-253-49 fails to bind when ldap.secret does not contain a newline



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/