Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHBA-2015:0006-01

Overview

Id RHBA-2015:0006-01
Name Red Hat 2015:0006-01 RHBA nss_db bug fix update for RHEL 5 x86_64
Vendor Name red_hat
Product None
Content Type Recommended Recommended
Language(s)
Operating System(s) Linux 
Released On 05 Jan 2015 12:00:00

RHBA-2015:0006-01

Red Hat 2015:0006-01 RHBA nss_db bug fix update for RHEL 5 x86_64

Vendor Name

red_hat

Product

None

Released On

05 Jan 2015 12:00:00

Url

https://rhn.redhat.com/errata/RHBA-2015-0006.html

Description

LSAC(v2)
The nss_db packages provide a plug-in which allows libc, and in turn applications, to read information about users, groups, and other information from local database files which might otherwise need to be read from the unindexed text-like databases which are typically stored under the /etc directory on a host, or from remote servers. This update fixes the following bug: * Due to a programming error, the plug-in provided by the nss_db package leaked the memory used to hold a copy of a database file name whenever an application caused a database to be opened. Among the libc functions back-ended by nss_db which attempted to open databases, and thus could leak if they succeeded, were: getaliasbyname(), getgrgid(), getgrnam(), getprotobyname(), getprotobynumber(), getpwnam(), getpwuid(), getrpcbyname(), getrpcbynumber(), getservbyname(), getservbyport(), getspnam(), getgrouplist(), setaliasent(), setetherent(), setgrent(), setnetgrent(), setprotoent(), setpwent(), setrpcent(), setservent(), and setspent(). A patch has been provided to fix this bug, and debugging оr tracing no longer demonstrates the memory leak when calling the above listed functions. (BZ#1163493) Users of nss_db are advised to upgrade to these updated packages, which fix this bug.

Related Resources

Related Vulnerabilities

None

Related Patches

Superseded Patches

None


Last Updated: 27 May 2016 11:20:29