RHBA-2012:0821 - Bug Fix Advisory

Topic

Updated slapi-nis packages that fix multiple bugs and add various enhancements
are now available for Red Hat Enterprise Linux 6.

Description

The slapi-nis packages contain the NIS server plug-in and the Schema
Compatibility plug-in for use with the 389 directory server.

The slapi-nis packages have been upgraded to upstream version 0.40, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#789152)

This update also fixes the following bugs:

• Prior to this update, the schema compatibility plug-in could, under certain

circumstances, leak memory when computing values for inclusion in the
constructed entries even if the relevant values were not changed. As a
consequence, the performance could decrease rapidly and all available memory was
consumed. This update modifies the underlying code so that the memory leaks no
longer occur. (BZ#784119)

• Prior to this update, the directory server could terminate unexpectedly when

processing a distinguished name if the relative distinguished name of a
compatibility entry contained an escaped special character. This update modifies
the plug-in so that special characters are now escaped when generating relative
distinguished name values. (BZ#800625)

• Prior to this update, padding values passed to %link were read as literal

values. As a consequence, the values could not use the "%ifeq" expression. This
update modifies the underlying code to treat the padding values as expressions
using the "%ifeq" expression. (BZ#809559)

This update also adds the following enhancement:

• Prior to this update, the plug-ins used the platform-neutral Netscape Portable

Runtime (NSPR) read-write locking APIs to manage some of their internal data.
This update modifies slapi-nis to use the locking functionality provided by the
directory server itself. (BZ#730434)

All users of slapi-nis are advised to upgrade to these updated packages, which
fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386

Fixes

• BZ - 730434 - use slapi_rwlock instead of NSPR PR_RWLock directly
• BZ - 784119 - schema compat is able to consume over 16 gigs of ram and crash the kernel
• BZ - 800625 - Bad netgroup name causes ns-slapd to segfault

CVEs

(none)

References

(none)