We had a compiling problem on the x86_64 rpm. It has been fixed and is working now. Both the x86_64 and i386 rpms have been rebuilt with the new name to keep consistency. No code has been changed. The rpms were only recompiled.

SL 4.x

   SRPMS:
nss_ldap-253-5.sl4.1.src.rpm
   i386:
nss_ldap-253-5.sl4.1.i386.rpm
   x86_64:
nss_ldap-253-5.sl4.1.i386.rpm
nss_ldap-253-5.sl4.1.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis:	Low: nss_ldap security and bug fix update
> Issue date:	2008-07-24
> CVE Names:	CVE-2007-5794
>
> A race condition was discovered in nss_ldap, which affected certain
> applications that make LDAP connections, such as Dovecot. This could cause
> nss_ldap to answer a request for information about one user with the
> information about a different user. (CVE-2007-5794)
>
> As well, this updated package fixes the following bugs:
>
> * in certain situations, on Itanium(R) architectures, when an application
> performed an LDAP lookup for a highly populated group, for example,
> containing more than 150 members, the application crashed, or may have
> caused a segmentation fault. As well, this issue may have caused commands,
> such as "ls", to return a "ber_free_buf: Assertion" error.
>
> * when an application enumerated members of a netgroup, the nss_ldap
> module returned a successful status result and the netgroup name, even
> when the netgroup did not exist. This behavior was not consistent with
> other modules. In this updated package, nss_ldap no longer returns a
> successful status when the netgroup does not exist.
>
> * in master and slave server environments, with systems that were
> configured to use a read-only directory server, if user log in attempts
> were denied because their passwords had expired, and users attempted to
> immediately change their passwords, the replication server returned an LDAP
> referral, instructing the pam_ldap module to reissue its request to a
> different server; however, the pam_ldap module failed to do so. In these
> situations, an error such as the following occurred:
>
>   LDAP password information update failed: Can't contact LDAP server
>   Insufficient 'write' privilege to the 'userPassword' attribute of entry
>   [entry]
>
> In this updated package, password changes are allowed when binding against
> a slave server, which resolves this issue.
>
> * when a system used a directory server for naming information, and
> "nss_initgroups_ignoreusers root" was configured in "/etc/ldap.conf",
> dbus-daemon-1 would hang. Running the "service messagebus start" command
> did not start the service, and it did not fail, which would stop the boot
> process if it was not cancelled.
>
> As well, this updated package upgrades nss_ldap to the version as shipped
> with Scientific Linux 5.
>
> SL 4.x
>
>    SRPMS:
> nss_ldap-253-5.el4.src.rpm
>    i386:
> nss_ldap-253-5.el4.i386.rpm
>    x86_64:
> nss_ldap-253-5.el4.i386.rpm
> nss_ldap-253-5.el4.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>

-- 
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab  Computing Division/LCSI/CSI DSS Group
__________________________________________________