Moderate nss_ldap security update

ID ELSA-2006-0719
Type oraclelinux
Reporter Oracle
Modified 2006-11-30T00:00:00


[226-17] - temporarily disable fixes for #190256 and #206438 for security update

[226-16] - include backported fix for off-by-one crasher in various result parsing functions (Carsten Clashom, #206438)

[226-15] - don't suppress policy errors encountered during authentication if the specific policy error isn't one which the PAM spec indicates should be reported during account management (CVE-2006-5170, #207286, upstream #291)

[226-14] - return PAM_NEW_AUTHTOK_REQD instead of PAM_PERM_DENIED in case of a POLICY_ERROR_CHANGE_AFTER_RESET policy response from the server (#190256)