From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10 Description of problem: The cyrus-sasl-2.1.15-9 update from today causes crashes in all authentication processes such as ssh, su, sudo, etc when pam is configured to look up user accounts and passwords in ldap. Replacing 2.1.15-9 with 2.1.15-8 fixes the problem. All accounts on the machines are affected, not just accounts stored in ldap. Version-Release number of selected component (if applicable): cyrus-sasl-2.1.15-9 How reproducible: Always Steps to Reproduce: 1. Upgrade to cyrus-sasl-2.1.15-9 2. Run /bin/su Actual Results: su crashes with a segmentation fault Additional info: We have our ldap set to use tls to talk to the server. Removing the ldap lines from /etc/pam.d/system-auth definitely stops the crashes. I have not tested if just removing the tls part fixes it. The top 6 stack frames from a core dump of su are: #0 0x002b61e1 in _sasl_getcallback () from /usr/lib/libsasl.so.7 #1 0x002baf46 in _sasl_get_mech_list () from /usr/lib/libsasl.so.7 #2 0x002b976d in sasl_client_new () from /usr/lib/libsasl.so.7 #3 0x00e18891 in ldap_int_sasl_init () from /usr/lib/libldap.so.2 #4 0x00e28b1c in ldap_int_initialize () from /usr/lib/libldap.so.2 #5 0x00e29150 in ldap_set_option () from /usr/lib/libldap.so.2 #6 0x0011b79d in ?? () from /lib/security/pam_ldap.so Following that are about 550 lines similar to #6. I can post the full backtrace if needed.
It breaks /usr/bin/ldapsearch too. Anonymous lookups segfault before returning any results.
Update in progress
We had much the same problem, but we aren't using LDAP for anything. Sendmail, upon being killed and restarted, would segfault until we downgraded to -8 of the cyrus-sasl package.
Yeah we are not using ldap here and sendmail crapped on itself after the cyrus-sasl upgrade. The queue runner would start, but the actual daemon would not. It would just segfault like the previoud poster said. We also had to downgrade to -8 for sendmail to work again. It hasn't affected anything else but sendmail as far as I can tell...
Revised packages are currently undergoing QA
(Note this flaw only affects the RHEL 3 cyrus-sasl packages, the RHEL 2.1 packages contained a correct patch)
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-546.html
*** Bug 135056 has been marked as a duplicate of this bug. ***