- Issued:
- 2013-01-07
- Updated:
- 2013-01-07
RHBA-2012:1144 - libuser bug fix update
Synopsis
libuser bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated libuser packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
Description
The libuser packages provide a library to implement a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included.
This update fixes the following bugs:
-
Prior to this update, libuser could not signal the name service caching daemon (nscd) to refresh the cache. As a consequence, delays in the name service could occur when the user account information was changed. With this update, the libuser signals nscd to rebuild its cache. Now, changes that affect the name service take effect more quickly.(BZ#506628)
-
Prior to this update, libuser used the value of the "gecos" attribute for the "cn" attribute by default when creating a user account with the Lightweight Directory Access Protocol (LDAP). As a consequence, an invalid value for "cn" was used and the user account was not created if the "gecos" attribute was empty. With this update, the user name of the account is stored in the "cn" attribute if the "gecos" attribute is empty, thus allowing successful creation of the user account. (BZ#670279)
-
Prior to this update, libuser could attempt to access unallocated virtual memory when searching for account information in files of certain sizes. As a consequence, libuser could terminate unexpectedly with a segmentation fault when looking for user or group account information. This update modifies modifies the libuser library to only access memory related to the file being processed. (BZ#758117)
All users of libuser are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- libuser-debuginfo-0.54.7-3.el5.ppc64.rpm
- libuser-0.54.7-3.el5.x86_64.rpm
- libuser-debuginfo-0.54.7-3.el5.s390.rpm
- libuser-devel-0.54.7-3.el5.s390x.rpm
- libuser-0.54.7-3.el5.s390x.rpm
- libuser-0.54.7-3.el5.i386.rpm
- libuser-devel-0.54.7-3.el5.i386.rpm
- libuser-debuginfo-0.54.7-3.el5.i386.rpm
- libuser-devel-0.54.7-3.el5.ppc.rpm
- libuser-0.54.7-3.el5.ppc64.rpm
- libuser-devel-0.54.7-3.el5.x86_64.rpm
- libuser-0.54.7-3.el5.ia64.rpm
- libuser-debuginfo-0.54.7-3.el5.ppc.rpm
- libuser-devel-0.54.7-3.el5.s390.rpm
- libuser-devel-0.54.7-3.el5.ia64.rpm
- libuser-debuginfo-0.54.7-3.el5.s390x.rpm
- libuser-0.54.7-3.el5.src.rpm
- libuser-0.54.7-3.el5.s390.rpm
- libuser-devel-0.54.7-3.el5.ppc64.rpm
- libuser-debuginfo-0.54.7-3.el5.x86_64.rpm
- libuser-0.54.7-3.el5.ppc.rpm
- libuser-debuginfo-0.54.7-3.el5.ia64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.