[SECURITY] Fedora 14 Update: libHX-3.6-1.fc14

updates at fedoraproject.org
Thu Oct 28 22:20:52 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12950
2010-08-17 19:33:34
--------------------------------------------------------------------------------

Name        : libHX
Product     : Fedora 14
Version     : 3.6
Release     : 1.fc14
URL         : http://sourceforge.net/projects/libhx/
Summary     : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
  /dev/urandom support
- various string, memory and zvec ops

--------------------------------------------------------------------------------
Update Information:

Update to libHX 3.6 fixing a buffer overflow in HX_split():

* http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90d


pam_mount v2.5 (August 10 2010)
===============================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)

libHX v3.6 (August 16 2010)
===========================
Fixed:
- bitmap: set/clear/test had no effect due to wrong type selection
- bitmap: avoid left-shift larger than type on 64-bit
- string: fixed buffer overflow in HX_split when too few fields were present in the input

libHX 3.5 (August 01 2010)
==========================
Fixed:
- format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected
- proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap
- strquote: do not cause allocation with invalid format numbers
Enhancements:
- format2: add the %(exec) function
- format2: add the %(shell) function
- format2: security feature for %(exec) and %(shell)
- format2: add the %(snl) function
- string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support
- string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support
Changes:
- format1: removed older formatter in favor of format2
- format2: add check for empty key
- format2: function-specific delimiters
- format2: do nest-counting even with normal parentheses
- format2: check for zero-argument function calls
- hashmap: do not needlessly change TID when no reshape was done
- string: HX_basename (the fast variant) now recognizes the root directory
- string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing)

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 16 2010 Till Maas <opensource at till.name> - 3.6-1
- really update to latest release
* Mon Aug 16 2010 Till Maas <opensource at till.name> - 3.5-1
- Update to latest release
- remove devel %files %{_includedir} globbing
- Update soname
* Sat Aug  7 2010 Till Maas <opensource at till.name> - 3.4-2
- Use less globbing in %files to detect changes
* Sun May 16 2010 Till Maas <opensource at till.name> - 3.4-1
- Update to new release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split()
        https://bugzilla.redhat.com/show_bug.cgi?id=625866
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

