- Issued:
- 2011-12-06
- Updated:
- 2012-02-13
RHBA-2011:1705 - nss-pam-ldapd bug fix and enhancement update
Synopsis
nss-pam-ldapd bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
An updated nss-pam-ldapd package that fixes multiple bugs and adds one enhancement is now available for Red Hat Enterprise Linux 6.
[Updated 24 January 2012] This advisory has been updated with the correct package description in the Details section. The package included in this revised update has not been changed in any way from the package included in the original advisory.
Description
The nss-pam-ldapd package provides the nss-pam-ldapd daemon (nslcd) which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.
This update fixes the following bugs:
-
When the nss-pam-ldapd package was installed, settings for the nslcd daemon were migrated from the configuration files used by the pam_ldap module or a previously-installed copy of the nss_ldap package. If the nslcd configuration file was modified, settings would be migrated again, often with an error. With this update, the migration is performed only if the package has not been previously installed. (BZ#706454)
-
Prior to this update, when the nslcd daemon retrieved information about a user or group, the name of the user or group would be checked against the value of the "validnames" configuration setting. The default value of the setting expected the names to be at least three characters long, therefore names which were only two characters long were flagged as invalid. This could have negative impact on some installations. With this update, the default value of the "validnames" setting is modified to a minimum of two characters so that short names are accepted. (BZ#706860)
-
Due to the buffer used for the group field of a user password entry being not big enough, the primary group ID of a user could not be parsed if it contained more than nine digits. As a consequence, the nslcd daemon could drop some of the digits. With this update, nslcd is modified to parse large user IDs properly. (BZ#716822, BZ#720230)
-
An incorrect use of the strtol() call could cause large user ID values to overflow on 32-bit architectures. New functions have been implemented with this update, so that large user IDs are parsed correctly. (BZ#741362)
This update also provides the following enhancement:
- Previously, if "DNS" was specified as the value of the LDAP "uri" setting in the /etc/nslcd.conf file, the nslcd service would attempt to look up DNS SRV records for the LDAP server (in order to determine which directory server to contact) only in the local host's current DNS domain. As a consequence, nslcd could not search for an LDAP server in a different domain. With this update, the DNS domain which is used in the lookup can now be specified by providing a value in the form "DNS:domainname". (BZ#730309)
All users of nss-pam-ldapd are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- nss-pam-ldapd-0.7.5-14.el6.ppc64.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.s390.rpm
- nss-pam-ldapd-0.7.5-14.el6.s390.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.x86_64.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.s390x.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.ppc.rpm
- nss-pam-ldapd-0.7.5-14.el6.s390x.rpm
- nss-pam-ldapd-0.7.5-14.el6.x86_64.rpm
- nss-pam-ldapd-0.7.5-14.el6.i686.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.ppc64.rpm
- nss-pam-ldapd-debuginfo-0.7.5-14.el6.i686.rpm
- nss-pam-ldapd-0.7.5-14.el6.src.rpm
- nss-pam-ldapd-0.7.5-14.el6.ppc.rpm
Fixes
- This content is not included.BZ - 706454
- This content is not included.BZ - 706860
- This content is not included.BZ - 720230
- This content is not included.BZ - 737496
- This content is not included.BZ - 741362
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.