Issued:: 2015-07-22
Updated:: 2015-07-22

RHBA-2015:1326 - 389-ds-base bug fix and enhancement update

Synopsis

389-ds-base bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated 389-ds-base packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.

Description

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration.

This update fixes the following bugs:

When a suffix-mapping tree entry was created without the corresponding back-end database, the server failed to start. This bug has been fixed. (BZ#1193243)
If a value of a password policy attribute was deleted, it caused a null reference and an unexpected termination of the server. These crashes no longer occur. (BZ#1145072)
This update fixes a memory leak caused by a previous patch for BZ#1080185. (BZ#1138745)
If a Virtual List View search fails with the timelimit or adminlimit parameters exceeded, the allocated memory of the IDL no longer leaks. (BZ#1048987)
If a search for "passwordAdminDN" in a "cn=config" entry returns a non-existing value, a memory leak no longer occurs. (BZ#1162704)
Rebuilding the Class of Service (CoS) cache no longer causes a memory leak. (BZ#1169975)
A bug in the nested CoS, when the closest above password policy was sometimes not selected as expected, has been fixed. (BZ#1115960)
When a SASL bind operation fails and Account Lockout is enabled, the Root DSE entry no longer gets incorrectly updated with passwordRetryCount. (BZ#1169974)
Password restrictions and syntax checks for Directory Manager and password administrators are now properly applied so that these roles are not affected by them. (BZ#1145379)
Performance degradation with searches in large groups has been fixed by introducing normalized DN cache. (BZ#1175868, BZ#1166313)
Due to a known vulnerability in SSLv3, this protocol is now disabled by default. (BZ#1153739)
This update adds the flow control so that unbalanced process speed between a supplier and a consumer does not cause replication to become unresponsive. (BZ#1207024)
A bug to replicate an "add: userPassword" operation has been fixed. (BZ#1171308)
A bug in the Windows Sync plug-in code caused AD-only member values to be accidentally removed. Now, local and remote entries are handled properly, preventing data loss. (BZ#1145374, BZ#1183820)
Performing a schema reload sometimes caused a running search to fail to return results. Now, the old schema is not removed until the reload is complete. The search results are no longer corrupted. (BZ#1144092)
The Berkeley DB library terminated unexpectedly when the Directory Server simultaneously opened an index file and performed a search on the "cn=monitor" subtree. The two operations are now mutually exclusive, which prevents the crash. (BZ#1203338)
When simple paged results requests were sent to the Directory Server asynchronously and then abandoned immediately, the search results could leak. Also, the implementation of simple paged results was not thread-safe. This update fixes the leak and modifies the code to be thread-safe. (BZ#1223068, BZ#1228402)

In addition, this update adds the following enhancements:

A new memberOf plug-in configuration attribute memberOfSkipNested has been added. This attribute allows you to skip the nested group check, which improves performance of delete operations. (BZ#1167976)
The Directory Server now supports TLS versions supported by the NSS library. (BZ#1118285)
The logconv.pl utility has been updated to include information about the SSL/TLS versions in the access log. (BZ#1193241)

Users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the 389 server service will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Red Hat Enterprise Linux for Scientific Computing	6	x86_64
Red Hat Enterprise Linux Workstation	6	x86_64
Red Hat Enterprise Linux Workstation	6	i386
Red Hat Enterprise Linux Server	6	x86_64
Red Hat Enterprise Linux Server	6	i386
Red Hat Enterprise Linux Server from RHUI	6	x86_64
Red Hat Enterprise Linux Server from RHUI	6	i386
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support	6	i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension	6	i386
Red Hat Enterprise Linux Desktop	6	x86_64
Red Hat Enterprise Linux Desktop	6	i386

Updated Packages

389-ds-base-libs-1.2.11.15-60.el6.x86_64.rpm
389-ds-base-devel-1.2.11.15-60.el6.i686.rpm
389-ds-base-devel-1.2.11.15-60.el6.x86_64.rpm
389-ds-base-libs-1.2.11.15-60.el6.i686.rpm
389-ds-base-debuginfo-1.2.11.15-60.el6.x86_64.rpm
389-ds-base-1.2.11.15-60.el6.x86_64.rpm
389-ds-base-1.2.11.15-60.el6.i686.rpm
389-ds-base-1.2.11.15-60.el6.src.rpm
389-ds-base-debuginfo-1.2.11.15-60.el6.i686.rpm

Fixes

CVEs

(none)

References

(none)

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.