RHBA-2009:1527 - Bug Fix Advisory

Topic

An updated nss_ldap package is now available for Red Hat Enterprise Linux 5.

Description

The nss_ldap package includes two LDAP access clients: nss_ldap and
pam_ldap. nss_ldap is a plugin for the standard C library which allows
applications to look up information about users and groups using a
directory server. The pam_ldap module is a Pluggable Authentication Module
(PAM) which provides for authentication, authorization and password
changing against LDAP servers.

This update fixes the following bug in the nss_ldap module:

• a NULL value was incorrectly assigned to an ldap_parse_result argument if

the bind operation timed out. Consequently, if the nss_ldap module was
configured to encrypt traffic to the directory server using the "ssl
start_tls" option and TLS negotiation took longer than the "bind_timelimit"
value set in /etc/ldap.conf, the client module would crash with an
Assertion error. With this update, the ldap_parse_result argument is not
set to NULL if the bind operation times out and the Assertion error no
longer occurs. (BZ#529376)

Note: The default bind_timelimit is 30 seconds and this bug did not
normally trigger unless the value was set to less than this default.
Further, it was possible to workaround this issue by increasing the
bind_timelimit (for example, to 60 seconds). This only masked the
underlying issue, however.

All nss_ldap users are advised to upgrade to this updated package, which
resolves this issue.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 529376 - Random Assertion `r != ((void *)0)' failed.

CVEs

(none)

References

(none)