---

Home Security

Red Hat Security Advisory: Updated nss_ldap packages are now available.

By

Date: Fri, 27 Oct 2000 15:09 -0400
From: [email protected]
To: [email protected]
Subject: [RHSA-2000:024-02] Updated nss_ldap packages are now
available.

                   Red Hat, Inc. Security Advisory

Synopsis:          Updated nss_ldap packages are now available.
Advisory ID:       RHSA-2000:024-02
Issue date:        2000-10-27
Updated on:        2000-10-27
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A

1. Topic:

Updated nss_ldap packages are now available for Red Hat Linux
6.1, 6.2, and 7.

2. Relevant releases/architectures:

Red Hat Linux 6.1 – i386, alpha, sparc
Red Hat Linux 6.2 – i386, alpha, sparc
Red Hat Linux 7.0 – i386

3. Problem description:

A race condition has been found in the nss_ldap package. On a
system running nscd, a malicious user can cause the system to
hang.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

11187 – nss_ldap-106 exposes shadow passwords when nscd
active
19923 – nss_ldap has a bug that can deadlock a machine

6. RPMs required:

Red Hat Linux 6.1:

alpha:
ftp://updates.redhat.com/6.1/alpha/nss_ldap-122-1.6.alpha.rpm

sparc:
ftp://updates.redhat.com/6.1/sparc/nss_ldap-122-1.6.sparc.rpm

i386:
ftp://updates.redhat.com/6.1/i386/nss_ldap-122-1.6.i386.rpm

sources:
ftp://updates.redhat.com/6.1/SRPMS/nss_ldap-122-1.6.src.rpm

Red Hat Linux 6.2:

alpha:
ftp://updates.redhat.com/6.2/alpha/nss_ldap-122-1.6.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/nss_ldap-122-1.6.sparc.rpm

i386:
ftp://updates.redhat.com/6.2/i386/nss_ldap-122-1.6.i386.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/nss_ldap-122-1.6.src.rpm

Red Hat Linux 7.0:

i386:
ftp://updates.redhat.com/7.0/i386/nss_ldap-122-1.7.i386.rpm

sources:
ftp://updates.redhat.com/7.0/SRPMS/nss_ldap-122-1.7.src.rpm

7. Verification:

MD5 sum                           Package Name

d6ccb0a79d788abc6b82be62981582dd 6.1/SRPMS/nss_ldap-122-1.6.src.rpm
08d8e980347fe7d81e29e1ca27e7cb09 6.1/alpha/nss_ldap-122-1.6.alpha.rpm
4d47831ae8516106392e74f5e1f2fd02 6.1/i386/nss_ldap-122-1.6.i386.rpm
f12cc2e7f9ab1c5faed9c647bfcbab03 6.1/sparc/nss_ldap-122-1.6.sparc.rpm
d6ccb0a79d788abc6b82be62981582dd 6.2/SRPMS/nss_ldap-122-1.6.src.rpm
08d8e980347fe7d81e29e1ca27e7cb09 6.2/alpha/nss_ldap-122-1.6.alpha.rpm
4d47831ae8516106392e74f5e1f2fd02 6.2/i386/nss_ldap-122-1.6.i386.rpm
f12cc2e7f9ab1c5faed9c647bfcbab03 6.2/sparc/nss_ldap-122-1.6.sparc.rpm
7d3dedc08a5db1c30964389a8a3493ab 7.0/SRPMS/nss_ldap-122-1.7.src.rpm
95337178e79472118cf33b0584462679 7.0/i386/nss_ldap-122-1.7.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg <filename>

8. References:

N/A

Copyright(c) 2000 Red Hat, Inc.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.