Bug Fix Advisory bind-dyndb-ldap bug fix update

Advisory: RHBA-2013:1636-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated bind-dyndb-ldap packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

The dynamic LDAP back-end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that helps to reduce the load on LDAP servers.

This update fixes the following bugs:

* Previously, the bind-dyndb-ldap plug-in did not handle DNS zones without the
"idnsUpdatePolicy" attribute properly, which led to a harmless, but misleading
error message:

zone serial ([zone serial]) unchanged. zone may fail to transfer to slaves.

This message was logged after each zone reload or potentially after each change
in the affected DNS zone. The bind-dyndb-ldap plug-in has been fixed, so that it
no longer prints any error message if the "idnsUpdatePolicy" attribute is not
defined in the DNS zone. (BZ#908780)

* Previously, the bind-dyndb-ldap plug-in processed update policies with the
"zonesub" match-type incorrectly, which led to the BIND daemon terminating
unexpectedly during the processing of the update-policy parameter. The
bind-dyndb-ldap plug-in has been fixed to process update-policy with the
"zonesub" match-type correctly, and so it no longer crashes in this scenario.
(BZ#921167)

* The bind-dyndb-ldap plug-in processed settings too early, which led to the
BIND daemon terminating unexpectedly with an assertion failure during startup or
reload. The bind-dyndb-ldap plug-in has been fixed to process its options later,
and so no longer crashes during startup or reload. (BZ#923113)

* Prior to this update, the bind-dyndb-ldap plug-in with the default
configuration did not establish enough connections to LDAP server for the
pointer record (PTR) synchronization feature and, consequently, the PTR record
synchronization failed. With this update, the default number of connections has
been raised to four, and the PTR record synchronization now works as expected.
(BZ#1010396)

Users of bind-dyndb-ldap are advised to upgrade to these updated packages, which
fix these bugs.


Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
bind-dyndb-ldap-2.3-5.el6.src.rpm
File outdated by:  RHBA-2015:1259
    MD5: 60f398b8926aff2607a8ed863e430153
SHA-256: 93ed1ace0c67e5dff136c4edcb96648ea97b73da6044da6803fc1da9debeb9f7
 
IA-32:
bind-dyndb-ldap-2.3-5.el6.i686.rpm
File outdated by:  RHBA-2015:1259
    MD5: e29209577e9e7854fb20916cb6c0160f
SHA-256: d57bdc0762b984f2e4e16db19c03ee190ebda518d148298aac6eaf7001075a56
bind-dyndb-ldap-debuginfo-2.3-5.el6.i686.rpm
File outdated by:  RHBA-2015:1259
    MD5: b84d54fd77de5d92757741c4c97f5d4a
SHA-256: 7968a91c2850d5aad76570143596e57856b075d4bd59db85f675cb53dbb7db3d
 
PPC:
bind-dyndb-ldap-2.3-5.el6.ppc64.rpm
File outdated by:  RHBA-2015:1259
    MD5: ed0cd2b488afab62af3056bf2ef78329
SHA-256: ba8339d841ebe32f633bbb800bdb29745d80df7936bd82fe46107bedb250652a
bind-dyndb-ldap-debuginfo-2.3-5.el6.ppc64.rpm
File outdated by:  RHBA-2015:1259
    MD5: e58cc6519adee1a00f49a2f6412d08c3
SHA-256: 4cdfcb8d5696744c22af3faa83bc0ec61751503e528f314aba910bdeb037d0a2
 
s390x:
bind-dyndb-ldap-2.3-5.el6.s390x.rpm
File outdated by:  RHBA-2015:1259
    MD5: 1a03c1e34d0d61599a24ed4b1ad60a91
SHA-256: 551c4f42159fe1a0a6ab6719b07a955a025a37cdd0a4dd29ef5c70e75f5977ae
bind-dyndb-ldap-debuginfo-2.3-5.el6.s390x.rpm
File outdated by:  RHBA-2015:1259
    MD5: 1636e8ba776b06767a67aa13d5061dfe
SHA-256: 730d371b444cc1603a4c2c8d839e351b34f0e50edbafab008eb2e3fe2e940d2d
 
x86_64:
bind-dyndb-ldap-2.3-5.el6.x86_64.rpm
File outdated by:  RHBA-2015:1259
    MD5: 62f7bb5fbf692b05d9a4a761f64f92a3
SHA-256: 4b5da5c8c086bb208325bf2a098193a628d21a5a061565fa0a9599fe4b368b27
bind-dyndb-ldap-debuginfo-2.3-5.el6.x86_64.rpm
File outdated by:  RHBA-2015:1259
    MD5: 672a155f397f900c30f5b09f267a3efb
SHA-256: 021df3020fd14cdd16bf438a5d39523366adb01b04f1e70558f0c0fd4eaa94c8
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
bind-dyndb-ldap-2.3-5.el6.src.rpm
File outdated by:  RHBA-2015:1259
    MD5: 60f398b8926aff2607a8ed863e430153
SHA-256: 93ed1ace0c67e5dff136c4edcb96648ea97b73da6044da6803fc1da9debeb9f7
 
IA-32:
bind-dyndb-ldap-2.3-5.el6.i686.rpm
File outdated by:  RHBA-2015:1259
    MD5: e29209577e9e7854fb20916cb6c0160f
SHA-256: d57bdc0762b984f2e4e16db19c03ee190ebda518d148298aac6eaf7001075a56
bind-dyndb-ldap-debuginfo-2.3-5.el6.i686.rpm
File outdated by:  RHBA-2015:1259
    MD5: b84d54fd77de5d92757741c4c97f5d4a
SHA-256: 7968a91c2850d5aad76570143596e57856b075d4bd59db85f675cb53dbb7db3d
 
x86_64:
bind-dyndb-ldap-2.3-5.el6.x86_64.rpm
File outdated by:  RHBA-2015:1259
    MD5: 62f7bb5fbf692b05d9a4a761f64f92a3
SHA-256: 4b5da5c8c086bb208325bf2a098193a628d21a5a061565fa0a9599fe4b368b27
bind-dyndb-ldap-debuginfo-2.3-5.el6.x86_64.rpm
File outdated by:  RHBA-2015:1259
    MD5: 672a155f397f900c30f5b09f267a3efb
SHA-256: 021df3020fd14cdd16bf438a5d39523366adb01b04f1e70558f0c0fd4eaa94c8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1010396 - PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0)
908780 - Zone without idnsUpdatePolicy causes error message during each zone_refresh
921167 - update-policy with match type 'zonesub' crashes BIND with bind-dyndb-ldap
923113 - Potential crash during startup/reload if global configuration options are set



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/