- Issued:
- 2005-05-19
- Updated:
- 2005-05-19
RHBA-2005:247 - Bug Fix Advisory
Synopsis
nss_ldap bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated nss_ldap package that fixes a SIGPIPE bug as well as an error
when changing user passwords via replica servers is now available.
Description
The nss_ldap module is an extension for use with GNU libc which allows
applications to, without internal modification, consult a directory service
using LDAP to supplement information which would be read from local files
such as /etc/passwd, /etc/group, and /etc/shadow.
If a directory server becomes unavailable while a client is connected, the
client may receive a SIGPIPE signal when it attempts to issue a new search
request to the directory server. For applications where this is not
expected, this can cause the application to exit abnormally.
This update contains a backported fix, preventing this error from occurring.
- ----
The pam_ldap module allows PAM-enabled applications to authenticate users
using a directory service.
When the pam_ldap module attempts to change a user's password by connecting
to a replica server, the replica server returns a referral record. This in
turn directs the client to make the change on a server which contains a
writable copy of an entry which corresponds to the user. If the entry is a
shadowAccount object, pam_ldap attempts to modify the entry's
shadowLastChanged attribute to hold the current date. Previously, when the
module attempted to authenticate to the server to make this change, it
would attempt to authenticate using the user's previous password, which
ultimately resulted in the change failing to be made.
This update includes a backported fix, preventing this error from occurring.
All users of nss_ldap should upgrade to this updated package, which
resolves these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 134567 - nss_ldap improperly masks SIGPIPE when doing LDAP ops
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.