RHBA-2013:1636 - Bug Fix Advisory

Topic

Updated bind-dyndb-ldap packages that fix several bugs are now available for Red
Hat Enterprise Linux 6.

Description

The dynamic LDAP back-end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that helps to reduce the load on LDAP servers.

This update fixes the following bugs:

• Previously, the bind-dyndb-ldap plug-in did not handle DNS zones without the

"idnsUpdatePolicy" attribute properly, which led to a harmless, but misleading
error message:

zone serial ([zone serial]) unchanged. zone may fail to transfer to slaves.

This message was logged after each zone reload or potentially after each change
in the affected DNS zone. The bind-dyndb-ldap plug-in has been fixed, so that it
no longer prints any error message if the "idnsUpdatePolicy" attribute is not
defined in the DNS zone. (BZ#908780)

• Previously, the bind-dyndb-ldap plug-in processed update policies with the

"zonesub" match-type incorrectly, which led to the BIND daemon terminating
unexpectedly during the processing of the update-policy parameter. The
bind-dyndb-ldap plug-in has been fixed to process update-policy with the
"zonesub" match-type correctly, and so it no longer crashes in this scenario.
(BZ#921167)

• The bind-dyndb-ldap plug-in processed settings too early, which led to the

BIND daemon terminating unexpectedly with an assertion failure during startup or
reload. The bind-dyndb-ldap plug-in has been fixed to process its options later,
and so no longer crashes during startup or reload. (BZ#923113)

• Prior to this update, the bind-dyndb-ldap plug-in with the default

configuration did not establish enough connections to LDAP server for the
pointer record (PTR) synchronization feature and, consequently, the PTR record
synchronization failed. With this update, the default number of connections has
been raised to four, and the PTR record synchronization now works as expected.
(BZ#1010396)

Users of bind-dyndb-ldap are advised to upgrade to these updated packages, which
fix these bugs.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

• BZ - 908780 - Zone without idnsUpdatePolicy causes error message during each zone_refresh
• BZ - 921167 - update-policy with match type 'zonesub' crashes BIND with bind-dyndb-ldap
• BZ - 923113 - Potential crash during startup/reload if global configuration options are set
• BZ - 1010396 - PTR record synchronization can deadlock if connection count <= 2 (only plugin versions < 3.0)

CVEs

(none)

References

(none)