--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12950
2010-08-17 19:33:34
--------------------------------------------------------------------------------
Name : libHX
Product : Fedora 14
Version : 3.6
Release : 1.fc14
URL :
http://sourceforge.net/projects/libhx/
Summary : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
/dev/urandom support
- various string, memory and zvec ops
--------------------------------------------------------------------------------
Update Information:
Update to libHX 3.6 fixing a buffer overflow in HX_split():
*
http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdif...
pam_mount v2.5 (August 10 2010)
===============================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)
libHX v3.6 (August 16 2010)
===========================
Fixed:
- bitmap: set/clear/test had no effect due to wrong type selection
- bitmap: avoid left-shift larger than type on 64-bit
- string: fixed buffer overflow in HX_split when too few fields were present in the input
libHX 3.5 (August 01 2010)
==========================
Fixed:
- format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected
- proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap
- strquote: do not cause allocation with invalid format numbers
Enhancements:
- format2: add the %(exec) function
- format2: add the %(shell) function
- format2: security feature for %(exec) and %(shell)
- format2: add the %(snl) function
- string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support
- string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support
Changes:
- format1: removed older formatter in favor of format2
- format2: add check for empty key
- format2: function-specific delimiters
- format2: do nest-counting even with normal parentheses
- format2: check for zero-argument function calls
- hashmap: do not needlessy change TID when no reshape was done
- string: HX_basename (the fast variant) now recognizes the root directory
- string: HX_basename now returns the trailing component with slashes instead of
everything after the last slash (which may have been nothing)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.6-1
- really update to latest release
* Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.5-1
- Update to latest release
- remove devel %files %{_includedir} globbing
- Update soname
* Sat Aug 7 2010 Till Maas <opensource(a)till.name> - 3.4-2
- Use less globbing in %files to detect changes
* Sun May 16 2010 Till Maas <opensource(a)till.name> - 3.4-1
- Update to new release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split()
https://bugzilla.redhat.com/show_bug.cgi?id=625866
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------