Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHBA-2013:0085-01

Overview

Id RHBA-2013:0085-01
Name Red Hat 2013:0085-01 RHBA nss_ldap bug fix update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Recommended Recommended
Language(s)
Operating System(s) Linux 
Released On 07 Jan 2013 12:00:00

RHBA-2013:0085-01

Red Hat 2013:0085-01 RHBA nss_ldap bug fix update for RHEL 5 x86

Vendor Name

red_hat

Product

None

Released On

07 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHBA-2013-0085.html

Description

LSAC(v2)
The nss_ldap packages contain the nss_ldap and pam_ldap modules. The nss_ldap module is a name service switch module which allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords. This update fixes the following bugs: * When parsing an ldap.conf file that contained a host and a port definition, the nss_ldap "do_add_hosts()" function always created a URI starting with "ldap://" regardless of SSL being enabled. Consequently, when the response included an "ldaps://..." referral to the same server and port, the libldap library considered this to be a different scheme ("ldaps" vs. the initial "ldap") and opened new connections for each referral lookup instead of reusing the existing persistent connection. The code has been improved and now when the SSL option is enabled the initial URI will be in the format "ldaps://...". As a result, nss_ldap now correctly uses the LDAPS scheme with SSL connections. (BZ#761281) * Due to a regression in the configuration parser, the "do_readline()" function did not return the correct exit code when the last line of "/etc/ldap.secret" did not contain a newline. Consequently, the nss_ldap module failed to bind to the LDAP server. With this update the parser now returns the correct exit code when parsing /etc/ldap.secret and nss_ldap works as expected in the scenario described. (BZ#797410) * The nss_ldap module used to leak memory when an entry that did not exist on the remote server was requested. The memory leak has been fixed by freeing an internal search structure even in cases where the search does not finish successfully. (BZ#835555) All users of nss_ldap are advised to upgrade to these updated packages, which fix these bugs.

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:16:12