790913 – NSS_Init* functions are not thread safe

Bug 790913 - NSS_Init* functions are not thread safe

Summary: NSS_Init* functions are not thread safe

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	openldap
Sub Component:
Version:	6.1
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Synacek
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:	731168
Blocks:	788730
TreeView+	depends on / blocked

Reported:	2012-02-15 17:30 UTC by RHEL Program Management
Modified:	2018-11-27 20:46 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Mozilla NSS initialization functions are not implemented in a thread-safe way. Therefore, if multiple TLS operations were performed simultaneously on an LDAP server, a race condition between the TLS threads could occur. Consequently, the LDAP server terminated unexpectedly with a segmentation fault. With this update, a mutual exclusion (mutex) for Mozilla NSS initialization functions calls has been added to the code, which prevents this situation from occurring. The LDAP server no longer crashes when initializing a TLS connection.
Clone Of:
Environment:
Last Closed:	2012-04-05 07:12:26 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0453	0	normal	SHIPPED_LIVE	openldap bug fix update	2012-04-05 11:11:17 UTC

Description RHEL Program Management 2012-02-15 17:30:01 UTC

This bug has been copied from bug #731168 and has been proposed
to be backported to 6.1 z-stream (EUS).

Comment 7 Miroslav Svoboda 2012-03-15 13:28:18 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Mozilla NSS initialization functions are not implemented in a thread-safe way. Therefore, if multiple TLS operations were performed simultaneously on an LDAP server, a race condition between the TLS threads could occur. Consequently, the LDAP server terminated unexpectedly with a segmentation fault. With this update, a mutual exclusion (mutex) for Mozilla NSS initialization functions calls has been added to the code, which prevents this situation from occurring. The LDAP server no longer crashes when initializing a TLS connection.

Comment 9 errata-xmlrpc 2012-04-05 07:12:26 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0453.html

Note You need to log in before you can comment on or make changes to this bug.