- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1557 - ypserv bug fix and enhancement update
Synopsis
ypserv bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
An updated ypserv package that fixes two bugs and adds one enhancement is now available for Red Hat Enterprise Linux 6.
Description
The ypserv utility provides network information (login names, passwords, home directories, group information) to all of the machines on a network. It can enable users to log in on any machine on the network as long as the machine has the Network Information Service (NIS) client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP).
This update fixes the following bugs:
-
Uninitialized memory could be accessed when running the "yppasswdd" command with the "-x" option to pass data to an external program. As a consequence, redundant characters were prefixed to the request string, which led to incorrect parsing of the request. This update fixes the memory initialization and the request can be now parsed successfully. (BZ#699675)
-
Prior to this update, the root user could see old passwords of other users. This was caused by a change request being logged using syslog when running the "yppaswdd" command with the "-x" option to pass data to an external program. With this update, the old password hash and the new password hash are cleared in syslog and the root user can no longer view the old passwords of other users. (BZ#734494)
In addition, this update adds the following enhancement:
- Prior to this update, users were not able to change their passwords by running the "yppasswd" command if using the passwd.adjunct file, which prevents disclosing the encrypted passwords. With this update, users are now able to change their passwords. (BZ#699667)
All users of ypserv are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
Solution
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
Updated Packages
- ypserv-debuginfo-2.19-22.el6.s390x.rpm
- ypserv-2.19-22.el6.x86_64.rpm
- ypserv-debuginfo-2.19-22.el6.ppc64.rpm
- ypserv-2.19-22.el6.i686.rpm
- ypserv-2.19-22.el6.ppc64.rpm
- ypserv-debuginfo-2.19-22.el6.x86_64.rpm
- ypserv-debuginfo-2.19-22.el6.i686.rpm
- ypserv-2.19-22.el6.s390x.rpm
- ypserv-2.19-22.el6.src.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.