Features Download
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-0503 Moderate: Oracle Linux 6 389-ds-base security, bug fix, and enhancement update
Newsgroups: gmane.linux.oracle.el-errata
Date: Monday 25th February 2013 18:27:22 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-0503


The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:




Description of changes:

- Resolves: Bug 896256 - updating package touches configuration files

- Resolves: Bug 889083 - For modifiersName/internalModifiersName 
feature, internalModifiersname is not working for DNA plugin

- Resolves: Bug 891930 - DNA plugin no longer reports additional info 
when range is depleted

- Resolves: Bug 887855 - RootDN Access Control plugin is missing after 
upgrade from RHEL63 to RHEL64

- Resolves: Bug 830355 - [RFE] improve cleanruv functionality
- Resolves: Bug 876650 - Coverity revealed defects
- Ticket #20 - [RFE] Allow automember to work on entries that have 
already been added (Bug 768084)
- Resolves: Bug 834074 - [RFE] Disable replication agreements
- Resolves: Bug 878111 - ns-slapd segfaults if it cannot rename the logs

- Resolves: Bug 880305 - spec file missing dependencies for x86_64 
-   use perl-Socket6 on RHEL6

- Resolves: Bug 880305 - spec file missing dependencies for x86_64 

- Resolves: Bug 868841 - Newly created users with organizationalPerson 
objectClass fails to sync from AD to DS with missing attribute error
- Resolves: Bug 868853 - Winsync: DS error logs report wrong version of 
Windows AD when winsync is configured.
- Resolves: Bug 875862 - crash in DNA if no dnamagicregen is specified
- Resolves: Bug 876694 - RedHat Directory Server crashes (segfaults) 
when moving ldap entry
- Resolves: Bug 876727 - Search with a complex filter including range 
search is slow
- Ticket #495 - internalModifiersname not updated by DNA plugin (Bug

- Resolves: Bug 870158 - slapd entered to infinite loop during new index 
- Resolves: Bug 870162 - Cannot abandon simple paged result search
- c970af0 Coverity defects
- 1ac087a Fixing compiler warnings in the posix-winsync plugin
- 2f960e4 Coverity defects
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes

- Resolves: Bug 834063 [RFE] enable attribute that tracks when a 
password was last set on an entry in the LDAP store; Ticket #478 
passwordTrackUpdateTime stops working with subtree password policies
- Resolves: Bug 847868 [RFE] support posix schema for user and group 
sync; Ticket #481 expand nested posix groups
- Resolves: Bug 860772 Change on SLAPI_MODRDN_NEWSUPERIOR is not 
evaluated in acl
- Resolves: Bug 863576 Dirsrv deadlock locking up IPA
- Resolves: Bug 864594 anonymous limits are being applied to directory 

- Resolves: Bug 856657 dirsrv init script returns 0 even when few or all 
instances fail to start
- Resolves: Bug 858580 389 prevents from adding a posixaccount with 
userpassword after schema reload

- Resolves: Bug 852202 Ipa master system initiated more than a dozen 
simultaneous replication sessions, shut itself down and wiped out its db
- Resolves: Bug 855438 CLEANALLRUV task gets stuck on winsync 
replication agreement

- Resolves: Bug 847868 [RFE] support posix schema for user and group sync
-  fix upgrade issue with plugin config schema
-  posix winsync has default plugin precedence of 25

- Resolves: Bug 800051 Rebase 389-ds-base to 1.2.11
- Resolves: Bug 742054 SASL/PLAIN binds do not work
- Resolves: Bug 742381 MOD operations with chained delete/add get back 
error 53 on backend config
- Resolves: Bug 746642 [RFE] define pam_passthru service per subtree
- Resolves: Bug 757836 logconv.pl restarts count on conn=0 instead of
- Resolves: Bug 768084 [RFE] Allow automember to work on entries that 
have already been added
- Resolves: Bug 782975 krbExtraData is being null modified and 
replicated on each ssh login
- Resolves: Bug 803873 Sync with group attribute containing () fails
- Resolves: Bug 818762 winsync should not delete entry that appears to 
be out of scope
- Resolves: Bug 830001 unhashed#user#password visible after changing 
password [rhel-6.4]
- Resolves: Bug 830256 Audit log - clear text password in user changes
- Resolves: Bug 830331 ns-slapd exits/crashes if /var fills up
- Resolves: Bug 830334 Invalid chaining config triggers a disk full 
error and shutdown
- Resolves: Bug 830335 restore of replica ldif file on second master 
after deleting two records shows only 1 deletion
- Resolves: Bug 830336 db deadlock return should not log error
- Resolves: Bug 830337 usn + mmr = deletions are not replicated
- Resolves: Bug 830338 Change DS to purge ticket from krb cache in case 
of authentication error
- Resolves: Bug 830340 Make the CLEANALLRUV task one step
- Resolves: Bug 830343 managed entry sometimes doesn't delete the 
managed entry
- Resolves: Bug 830344 [RFE] Improve replication agreement status messages
- Resolves: Bug 830346 ADD operations not in audit log
- Resolves: Bug 830347 389 DS does not support multiple paging controls 
on a single connection
- Resolves: Bug 830348 Slow shutdown when you have 100+ replication 
- Resolves: Bug 830349 cannot use & in a sasl map search filter
- Resolves: Bug 830353 valgrind reported memleaks and mem errors
- Resolves: Bug 830355 [RFE] improve cleanruv functionality
- Resolves: Bug 830356 coverity 12625-12629 - leaks, dead code, 
unchecked return
- Resolves: Bug 832560 [abrt] 389-ds-base- 
slapi_attr_value_cmp: Process /usr/sbin/ns-slapd was killed by signal 11 
- Resolves: Bug 833202 transaction retries need to be cache aware
- Resolves: Bug 833218 ldapmodify returns Operations error
- Resolves: Bug 833222 memberOf attribute and plugin behaviour between 
- Resolves: Bug 834046 [RFE] Add nsTLS1 attribute to schema and 
objectclass nsEncryptionConfig
- Resolves: Bug 834047 Fine Grained Password policy: if passwordHistory 
is on, deleting the password fails.
- Resolves: Bug 834049 [RFE] Add schema for DNA plugin
- Resolves: Bug 834052 [RFE] limiting Directory Manager (nsslapd-rootdn) 
bind access by source host (e.g.
- Resolves: Bug 834053 [RFE] Plugins - ability to control behavior of 
- Resolves: Bug 834054 Should only update modifyTimestamp/modifiersName 
on MODIFY ops
- Resolves: Bug 834056 Automembership plugin fails in a MMR setup, if 
data and config area mixed in the plugin configuration
- Resolves: Bug 834057 ldap-agent crashes on start with signal SIGSEGV
- Resolves: Bug 834058 [RFE] logconv.pl : use of getopts to parse 
commandline options
- Resolves: Bug 834060 passwordMaxFailure should lockout password one 
sooner - and should be configurable to avoid regressions
- Resolves: Bug 834061 [RFE] RHDS: Implement SO_KEEPALIVE in network calls.
- Resolves: Bug 834063 [RFE] enable attribute that tracks when a 
password was last set on an entry in the LDAP store
- Resolves: Bug 834064 dnaNextValue gets incremented even if the user 
addition fails
- Resolves: Bug 834065 Adding Replication agreement should complain if 
required nsds5ReplicaCredentials not supplied
- Resolves: Bug 834074 [RFE] Disable replication agreements
- Resolves: Bug 834075 logconv.pl reporting unindexed search with 
different search base than shown in access logs
- Resolves: Bug 835238 Account Usability Control Not Working
- Resolves: Bug 836386 slapi_ldap_bind() doesn't check bind results
- Resolves: Bug 838706 referint modrdn not working if case is different
- Resolves: Bug 840153 Impossible to rename entry (modrdn) with 
Attribute Uniqueness plugin enabled
- Resolves: Bug 841600 Referential integrity plug-in does not work when 
update interval is not zero
- Resolves: Bug 842437 dna memleak reported by valgrind
- Resolves: Bug 842438 Report during startup if nsslapd-cachememsize is 
too small
- Resolves: Bug 842440 memberof performance enhancement
- Resolves: Bug 842441 "Server is unwilling to perform" when running 
ldapmodify on nsds5ReplicaStripAttrs
- Resolves: Bug 847868 [RFE] support posix schema for user and group sync
- Resolves: Bug 850683 nsds5ReplicaEnabled can be set with any invalid 
- Resolves: Bug 852087 [RFE] add attribute nsslapd-readonly so we can 
reference it in acis
- Resolves: Bug 852088 server to server ssl client auth broken with 
latest openldap
- Resolves: Bug 852839 variable dn should not be used in ldbm_back_delete
CD: 3ms