- Issued:
- 2012-01-23
- Updated:
- 2012-01-23
RHBA-2012:0049 - 389-ds-base bug fix update
Synopsis
389-ds-base bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated 389-ds-base packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6.
Description
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
This update fixes the following bugs:
-
When the LDAP server was under a heavy load, and the network was congested, client connections could experience problems. If there was a connection problem while the server was sending Simple Paged Result (SPR) search results to the client, the LDAP server called a cleanup routine incorrectly. This led to a memory leak and the server terminated unexpectedly. With this update, the underlying code has been modified to ensure that cleanup tasks are run correctly and memory leaks no longer occur. The LDAP server no longer crashes in this scenario. (BZ#758682)
-
Previously, certain operations with the Change Sequence Number (CSN) were not very effective in 389 Directory Server. Therefore, performing a large number of the modrdn operations during Directory Server content replications led to poor performance, and the ns-slapd daemon consumed up to 100% CPU under these circumstances. With this update, the underlying code has been modified to use these CSN operations efficiently so that replications in Directory Server now work as expected in this scenario. (BZ#758683)
-
Previously, allocated memory was not correctly released in the underlying code for the SASL GSSAPI authentication method, when checking the Simple Authentication and Security Layer (SASL) identity mappings. This problem could cause memory leaks when processing SASL bind requests, which eventually caused the LDAP server to terminate unexpectedly with a segmentation fault. This update adds function calls that are needed to free allocated memory correctly. Memory leaks no longer occur and the LDAP server no longer crashes in this scenario. (BZ#758688)
-
Previously, 389 Directory Server used the Netscape Portable Runtime (NSPR) implementation of the read/write locking mechanism. This implementation allowed deadlocks to occur if 389 Directory Server was under a heavy load, which caused the server to become unresponsive. With this update, 389 Directory Server now uses the POSIX implementation of the locking mechanism, and deadlocks no longer occur under a heavy load. (BZ#771631)
-
Under a heavy load in replicated environments, 389 Directory Server did not handle the Entry USN index correctly. Consequently, the index could become out of sync with the main database and search operations on USN entries returned incorrect results. This update modifies the Entry USN plug-in and 389 Directory Server now handles the Entry USN index as expected. (BZ#771632)
All users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Storage | 2.0 | x86_64 |
| Red Hat Storage for Public Cloud (via RHUI) | 2.0 | x86_64 |
| Red Hat Gluster Storage Server for On-premise | 2.0 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.2 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.2 | i386 |
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.2 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.2 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - AUS | 6.2 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- 389-ds-base-libs-1.2.9.14-1.el6_2.2.i686.rpm
- 389-ds-base-debuginfo-1.2.9.14-1.el6_2.2.i686.rpm
- 389-ds-base-1.2.9.14-1.el6_2.2.i686.rpm
- 389-ds-base-devel-1.2.9.14-1.el6_2.2.i686.rpm
- 389-ds-base-debuginfo-1.2.9.14-1.el6_2.2.x86_64.rpm
- 389-ds-base-1.2.9.14-1.el6_2.2.x86_64.rpm
- 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64.rpm
- 389-ds-base-1.2.9.14-1.el6_2.2.src.rpm
- 389-ds-base-devel-1.2.9.14-1.el6_2.2.x86_64.rpm
Fixes
(none)
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.