- Issued:
- 2009-10-27
- Updated:
- 2009-10-27
RHBA-2009:1527 - nss_ldap bug fix update
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated nss_ldap package is now available for Red Hat Enterprise Linux 5.
Description
The nss_ldap package includes two LDAP access clients: nss_ldap and pam_ldap. nss_ldap is a plugin for the standard C library which allows applications to look up information about users and groups using a directory server. The pam_ldap module is a Pluggable Authentication Module (PAM) which provides for authentication, authorization and password changing against LDAP servers.
This update fixes the following bug in the nss_ldap module:
- a NULL value was incorrectly assigned to an ldap_parse_result argument if the bind operation timed out. Consequently, if the nss_ldap module was configured to encrypt traffic to the directory server using the "ssl start_tls" option and TLS negotiation took longer than the "bind_timelimit" value set in /etc/ldap.conf, the client module would crash with an Assertion error. With this update, the ldap_parse_result argument is not set to NULL if the bind operation times out and the Assertion error no longer occurs. (BZ#529376)
Note: The default bind_timelimit is 30 seconds and this bug did not normally trigger unless the value was set to less than this default. Further, it was possible to workaround this issue by increasing the bind_timelimit (for example, to 60 seconds). This only masked the underlying issue, however.
All nss_ldap users are advised to upgrade to this updated package, which resolves this issue.
Solution
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 5.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 5.4 | ia64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 5.4 | i386 |
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 5.4 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 5.4 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- nss_ldap-253-22.el5_4.src.rpm
- nss_ldap-253-22.el5_4.ppc.rpm
- nss_ldap-253-22.el5_4.s390.rpm
- nss_ldap-253-22.el5_4.s390x.rpm
- nss_ldap-253-22.el5_4.ia64.rpm
- nss_ldap-253-22.el5_4.x86_64.rpm
- nss_ldap-253-22.el5_4.i386.rpm
- nss_ldap-253-22.el5_4.ppc64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.