RHBA-2012:0205 - Bug Fix Advisory

Topic

An updated ypserv package that fixes various bugs and adds one enhancement is
now available for Red Hat Enterprise Linux 5.

Description

The ypserv utility provides network information (login names, passwords, home
directories, group information) to all of the machines on a network. It can
enable users to log in on any machine on the network as long as the machine has
the Network Information Service (NIS) client programs running and the user's
password is recorded in the NIS passwd database. NIS was formerly known as Sun
Yellow Pages (YP).

This update fixes the following bugs:

• Previously, the rpc.yppasswdd daemon reported success even if the daemon was

not able to write into a shadow file (for example, because of the incorrect
SELinux context). With this update, an error is logged in syslog, and
rpc.yppasswdd now reports failure in the described scenario. (BZ#747317)

• Due to the invalid ypdb_close() call, ypserv's virtual memory could in rare

cases grow to a large size. As a consequence, ypserv failed to respond to
Network Information Service (NIS) queries and had to be restarted. This update
removes the invalid ypdb_close() call so that the amount of memory used remains
at a reasonable size. (BZ#403621)

• Previously, when the user updated the ypserv package, the file

/var/yp/Makefile was replaced, and any changes that the user had made in this
file were overwritten. The file is now regarded as a config file, and is no
longer replaced so that user's changes are preserved. (BZ#481780)

• Due to a string concatenation error in the code, running the "yppasswdd"

command with the "-x" option in order to pass data to an external program to
update the source files and maps, could have caused garbage characters to be
inserted in front of the username. This caused the output to become unparseable.
With this update, the operation is changed to a string-copy, so that the
username is no longer corrupted when using the "-x" option. (BZ#681699)

• Previously, error messages of the rpc.yppasswdd utility were unclear when

running the "yppasswdd" command with the "-x" option in order to pass data to an
external program. This update adds quotation marks to error messages so that
they can be easily read. (BZ#695754)

• Previously, there was no reference to the YPSERV_ARGS and YPXFRD variables in

the sysconfig.txt file, neither in the ypserv manual pages. This update adds the
YPSERV_ARGS and YPXFRD usage information to the ypserv manual pages. (BZ#699662)

• Prior to this update, the ypserv package did not contain a file describing

what license the software used. This update adds the COPYING file which contains
the license information. (BZ#707195)

• Previously, the yppush(8) manual page did not describe how to force the yppush

utility to use a static port. The yppush(8) manual page has been modified to
mention that the static port number can be set in /var/yp/Makefile. (BZ#712239)

• Prior to this update, the root user could see old passwords of other users.

This was caused by a change request being logged using syslog when running the
"yppaswdd" command with the "-x" option to pass data to an external program.
With this update, the old password hash and the new password hash are cleared in
syslog and the root user can no longer view the old passwords of other users.
(BZ#743587)

This update also adds the following enhancements:

• Prior to this update, users were not able to change their passwords by running

the "yppasswd" command if using the passwd.adjunct file, which prevents
disclosing the encrypted passwords. With this update, users are now able to
change their passwords. (BZ#679848)

All users of ypserv are advised to upgrade to this updated package, which fixes
these bugs and provides this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 403621 - ypserv excessive vsize
• BZ - 481780 - ypserv replaces /var/yp/Makefile
• BZ - 681699 - yppasswdd -x has garbage prefixed to username
• BZ - 695754 - rpc.yppasswd returns epmty string instead of error messages
• BZ - 699662 - There is no references for some variables in documentation sysconfig.txt
• BZ - 707195 - Missing file COPYING in the ypserv package
• BZ - 712239 - Timeout with yppush and iptables enabled pushing maps to NIS slave server
• BZ - 747317 - yppasswdd returns success when /etc/passwd.adjunct is not writable

CVEs

(none)

References

(none)