- Issued:
- 2013-01-07
- Updated:
- 2013-01-07
RHBA-2013:0085 - nss_ldap bug fix update
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated nss_ldap packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
Description
The nss_ldap packages contain the nss_ldap and pam_ldap modules. The nss_ldap module is a name service switch module which allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords.
This update fixes the following bugs:
-
When parsing an ldap.conf file that contained a host and a port definition, the nss_ldap "do_add_hosts()" function always created a URI starting with "ldap://" regardless of SSL being enabled. Consequently, when the response included an "ldaps://..." referral to the same server and port, the libldap library considered this to be a different scheme ("ldaps" vs. the initial "ldap") and opened new connections for each referral lookup instead of reusing the existing persistent connection. The code has been improved and now when the SSL option is enabled the initial URI will be in the format "ldaps://...". As a result, nss_ldap now correctly uses the LDAPS scheme with SSL connections. (BZ#761281)
-
Due to a regression in the configuration parser, the "do_readline()" function did not return the correct exit code when the last line of "/etc/ldap.secret" did not contain a newline. Consequently, the nss_ldap module failed to bind to the LDAP server. With this update the parser now returns the correct exit code when parsing /etc/ldap.secret and nss_ldap works as expected in the scenario described. (BZ#797410)
-
The nss_ldap module used to leak memory when an entry that did not exist on the remote server was requested. The memory leak has been fixed by freeing an internal search structure even in cases where the search does not finish successfully. (BZ#835555)
All users of nss_ldap are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- nss_ldap-253-51.el5.x86_64.rpm
- nss_ldap-debuginfo-253-51.el5.s390.rpm
- nss_ldap-253-51.el5.s390.rpm
- nss_ldap-debuginfo-253-51.el5.s390x.rpm
- nss_ldap-debuginfo-253-51.el5.x86_64.rpm
- nss_ldap-debuginfo-253-51.el5.ia64.rpm
- nss_ldap-debuginfo-253-51.el5.i386.rpm
- nss_ldap-253-51.el5.i386.rpm
- nss_ldap-253-51.el5.s390x.rpm
- nss_ldap-253-51.el5.src.rpm
- nss_ldap-253-51.el5.ppc64.rpm
- nss_ldap-253-51.el5.ia64.rpm
- nss_ldap-253-51.el5.ppc.rpm
- nss_ldap-debuginfo-253-51.el5.ppc64.rpm
- nss_ldap-debuginfo-253-51.el5.ppc.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.