RHBA-2010:0538 - Bug Fix Advisory

Topic

An updated nss_ldap package is now available.

Description

The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap
module is a plug-in which allows applications to retrieve information about
users and groups from a directory server.

This updated nss_ldap package fixes the following bugs:

• under certain circumstances, the nss_ldap module may have caused the

application to leak file descriptors. As a result, the number of open sockets
could reach the maximum limit of 1024. With this update, this error has been
fixed, and file descriptors are no longer leaking. (BZ#584499)

• previously, enabling the "nss_connect_policy oneshot" option in the

/etc/ldap.conf configuration file may have caused the "id <username>" command to
exit with the following error message:

ldap_result: Assertion `ld != ((void *)0)' failed.

With this update, enabling "nss_connect_policy oneshot" works as expected, and
running the id command no longer fails. (BZ#584502)

• in certain cases, nss_ldap may have failed to get a response from the

Lightweight Directory Access Protocol (LDAP) server, making the client
temporarily unable to query it. This error has been fixed, and getting a
response from the server now works as expected. (BZ#602964)

• being built without the Internet Protocol version 6 (IPv6) support, when the

"gethostbyname2()" function was used, nss_ldap used to return the Internet
Protocol version 4 (IPv4) address even though the IPv6 had been requested. With
this update, nss_ldap produces the expected output. (BZ#602966)

All users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

• BZ - 584499 - nscd with nss_ldap leaks file descriptors
• BZ - 584502 - nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void *)0)' failed.'
• BZ - 602964 - nss_ldap client does not seem to get a response from ldap server
• BZ - 602966 - gethostbyname2 queried with AF_INET6 (IPv6) return ok with IPv4 address

CVEs

(none)

References

(none)