From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914
Description of problem:
The cyrus-sasl-2.1.15-9 update from today causes crashes in all
authentication processes such as ssh, su, sudo, etc. when pam is
configured to look up user accounts and passwords in ldap. Replacing
2.1.15-9 with 2.1.15-8 fixes the problem. All accounts on the
machines are affected, not just accounts stored in ldap.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Upgrade to cyrus-sasl-2.1.15-9
2. Run /bin/su
Actual Results: su crashes with a segmentation fault
We have our ldap set to use tls to talk to the server. Removing the
ldap lines from /etc/pam.d/system-auth definitely stops the crashes.
I have not tested if just removing the tls part fixes it.
The top 6 stack frames from a core dump of su are:
#0 0x002b61e1 in _sasl_getcallback () from /usr/lib/libsasl.so.7
#1 0x002baf46 in _sasl_get_mech_list () from /usr/lib/libsasl.so.7
#2 0x002b976d in sasl_client_new () from /usr/lib/libsasl.so.7
#3 0x00e18891 in ldap_int_sasl_init () from /usr/lib/libldap.so.2
#4 0x00e28b1c in ldap_int_initialize () from /usr/lib/libldap.so.2
#5 0x00e29150 in ldap_set_option () from /usr/lib/libldap.so.2
#6 0x0011b79d in ?? () from /lib/security/pam_ldap.so
Following that are about 550 lines similar to #6. I can post the full
backtrace if needed.
It breaks /usr/bin/ldapsearch too. Anonymous lookups segfault before
returning any results.
Update in progress
We had much the same problem, but we aren't using LDAP for anything.
Sendmail, upon being killed and restarted, would segfault until we
downgraded to -8 of the cyrus-sasl package.
Yeah, we are not using ldap here and sendmail crapped on itself after
the cyrus-sasl upgrade. The queue runner would start, but the actual
daemon would not. It would just segfault like the previous poster
said. We also had to downgrade to -8 for sendmail to work again. It
hasn't affected anything else but sendmail as far as I can tell...
Revised packages are currently undergoing QA
(Note this flaw only affects the RHEL 3 cyrus-sasl packages, the RHEL
2.1 packages contained a correct patch)
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
*** Bug 135056 has been marked as a duplicate of this bug. ***