Bug 1144 - [UPDATE REQUEST] [UPSTREAM UPDATE] cyrus-sasl
: [UPDATE REQUEST] [UPSTREAM UPDATE] cyrus-sasl
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-03 13:58 MSK by Andrew Lukoshko
Modified: 2012-12-05 00:52 MSK (History)
1 user (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrew.lukoshko: published_server+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Lukoshko 2012-12-03 13:58:17 MSK
Update for cyrus-sasl from RHEL6 upstream.

Advisory:

* Previously, the GSSAPI plug-in kept credential handles open the whole time a
client was connected. These handles hold a pointer to a Kerberos replay cache
structure. When the replay cache is a file, that structure includes an open file
descriptor. When too many clients were using GSSAPI, the server could run out of
file handles. Consequently, the client could become unresponsive until
restarted. With this update, a GSSAPI credential handle is closed immediately
after the plug-in gets the security context, thus preventing this bug.
http://rhn.redhat.com/errata/RHBA-2012-1495.html

Build lists:

https://abf.rosalinux.ru/build_lists/850337
https://abf.rosalinux.ru/build_lists/850338

Please DON'T PUBLISH, just test.
Comment 1 Vladimir Potapov 2012-12-04 16:36:37 MSK
cyrus-sasl-2.1.23-13.res6.1
********************* RHEL Advisory **********************
* Previously, the GSSAPI plug-in kept credential handles open the whole time a
client was connected. These handles hold a pointer to a Kerberos replay cache
structure. When the replay cache is a file, that structure includes an open file
descriptor. When too many clients were using GSSAPI, the server could run out of
file handles. Consequently, the client could become unresponsive until
restarted. With this update, a GSSAPI credential handle is closed immediately
after the plug-in gets the security context, thus preventing this bug.
***********************************************************
QA Verified