-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-12950 2010-08-17 19:33:34 --------------------------------------------------------------------------------
Name : libHX Product : Fedora 14 Version : 3.6 Release : 1.fc14 URL : http://sourceforge.net/projects/libhx/ Summary : General-purpose library for typical low-level operations Description : A library for: - rbtree with key-value pair extension - deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs)) - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option (argv) parser - shconfig-style config file parser - platform independent random number generator with transparent /dev/urandom support - various string, memory and zvec ops
-------------------------------------------------------------------------------- Update Information:
Update to libHX 3.6 fixing a buffer overflow in HX_split():
* http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h...
pam_mount v2.5 (August 10 2010) =============================== Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough - call mount.crypt by means of mount -t crypt (selinux), same for umount - reorder the default path to search in /usr/local first, then /usr, / - config: add missing fd0ssh command to restore volumes using ssh - ofl is now run as a separate process (selinux policy simplification)
libHX v3.6 (August 16 2010) =========================== Fixed: - bitmap: set/clear/test had no effect due to wrong type selection - bitmap: avoid left-shift larger than type on 64-bit - string: fixed buffer overflow in HX_split when too few fields were present in the input
libHX 3.5 (August 01 2010) ========================== Fixed: - format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected - proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap - strquote: do not cause allocation with invalid format numbers Enhancements: - format2: add the %(exec) function - format2: add the %(shell) function - format2: security feature for %(exec) and %(shell) - format2: add the %(snl) function - string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support - string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support Changes: - format1: removed older formatter in favor of format2 - format2: add check for empty key - format2: function-specific delimiters - format2: do nest-counting even with normal parentheses - format2: check for zero-argument function calls - hashmap: do not needlessy change TID when no reshape was done - string: HX_basename (the fast variant) now recognizes the root directory - string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing)
-------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 16 2010 Till Maas opensource@till.name - 3.6-1 - really update to latest release * Mon Aug 16 2010 Till Maas opensource@till.name - 3.5-1 - Update to latest release - remove devel %files %{_includedir} globbing - Update soname * Sat Aug 7 2010 Till Maas opensource@till.name - 3.4-2 - Use less globbing in %files to detect changes * Sun May 16 2010 Till Maas opensource@till.name - 3.4-1 - Update to new release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split() https://bugzilla.redhat.com/show_bug.cgi?id=625866 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update libHX' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------