The nss_ldap package contains the nss_ldap and pam_ldap modules. Thenss_ldap module is a plug-in which allows applications to retrieveinformation about users and groups from a directory server. The pam_ldapmodule allows PAM-aware applications to use a directory server to verifyuser passwords.A race condition was discovered in nss_ldap which affected certainapplications which make LDAP connections, such as Dovecot. This could causenss_ldap to answer a request for information about one user withinformation about a different user. (CVE-2007-5794)In addition, these updated packages fix the following bugs:This has been resolved in this updated package. + /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so dlopen() of "././nss_ldap-253/nss_ldap.so" failed: ./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key error: Bad exit status from /var/tmp/rpm-tmp.62652 (%build)The missing libraries have been added, which resolves this issue.When recursively enumerating the set of members in a given group, themodule would allocate insufficient space for storing the set of membernames if the group itself contained other groups, thus corrupting the heap.This update includes a backported fix for this bug.Users of nss_ldap should upgrade to these updated packages, which containbackported patches to correct this issue and fix these bugs.