ELSA-2008-0389 - nss_ldap security and bug fix update
| Type: | SECURITY |
| Severity: | LOW |
| Release Date: | 2008-05-30 |
Description
[253-12]
- rebuild
[253-11]
- backport changes to group parsing from version 254 to fix heap corruption
when parsing nested groups (#444031)
[253-10]
- remove unnecessary nss_ldap linkage to libnsl (part of #427370)
[253-9]
- rebuild
[253-8]
- incorporate Tomas Janouseks fix to prevent re-use of connections across
fork() (#252337)
[253-7]
- add keyutils-libs-devel and libselinux-devel as a buildrequires: in order to
static link with newer Kerberos (#427370)
[253-6]
- suppress password-expired errors encountered during referral chases during
modify requests (#335661)
- interpret server-supplied policy controls when chasing referrals, so that
we dont give up when following a referral for a password change after
reset (#335661)
- dont attempt to change the password using ldap_modify if the password
change mode is 'exop_send_old' (we already didnt for 'exop') (#364501)
- dont drop the supplied password if the directory server indicates that
the password needs to be changed because its just been reset: we may need
it to chase a referral later (#335661)
- correctly detect libresolv and build a URI using discovered settings, so that
server discovery can work again (#254172)
- honor the 'port' setting again by correctly detecting when a URI doesnt
already specify one (#326351)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 5 (i386) | nss_ldap-253-12.el5.src.rpm | 2ebf43a6396428ac3ae56deed2269a1c | ELBA-2015-1099 |
| nss_ldap-253-12.el5.i386.rpm | ecc93cef98b9d901f426366d1888740e | ELBA-2015-1099 |
|
| Oracle Linux 5 (x86_64) | nss_ldap-253-12.el5.src.rpm | 2ebf43a6396428ac3ae56deed2269a1c | ELBA-2015-1099 |
| nss_ldap-253-12.el5.i386.rpm | ecc93cef98b9d901f426366d1888740e | ELBA-2015-1099 |
| nss_ldap-253-12.el5.x86_64.rpm | 7ab21574b2b27e81b2d408712c7e9f92 | ELBA-2015-1099 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
