[SECURITY] Fedora 13 Update: libHX-3.6-1.fc13

updates at fedoraproject.org updates at fedoraproject.org
Sat Sep 4 04:57:09 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-13127
2010-08-20 00:57:45
--------------------------------------------------------------------------------

Name        : libHX
Product     : Fedora 13
Version     : 3.6
Release     : 1.fc13
URL         : http://sourceforge.net/projects/libhx/
Summary     : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
  /dev/urandom support
- various string, memory and zvec ops

--------------------------------------------------------------------------------
Update Information:

Update to libHX 3.6 fixing a buffer overflow in HX_split():    * http://libhx.gi
t.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f90d
pam_mount v2.5 (August 10 2010)  ===============================  Changes:  -
mount.crypt: fix incorrect processing of binary files in keyfile passthrough  -
call mount.crypt by means of mount -t crypt (selinux), same for umount  -
reorder the default path to search in /usr/local first, then /usr, /  - config:
add missing fd0ssh command to restore volumes using ssh  - ofl is now run as a
separate process (selinux policy simplification)    libHX v3.6 (August 16 2010)
===========================  Fixed:  - bitmap: set/clear/test had no effect due
to wrong type selection  - bitmap: avoid left-shift larger than type on 64-bit
- string: fixed buffer overflow in HX_split when too few fields were present in
the input    libHX 3.5 (August 01 2010)  ==========================  Fixed:  -
format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected  -
proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap  - strquote: do
not cause allocation with invalid format numbers  Enhancements:  - format2: add
the %(exec) function  - format2: add the %(shell) function  - format2: security
feature for %(exec) and %(shell)  - format2: add the %(snl) function  - string:
HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support  - string:
HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support  Changes:  -
format1: removed older formatter in favor of format2  - format2: add check for
empty key  - format2: function-specific delimiters  - format2: do nest-counting
even with normal parentheses  - format2: check for zero-argument function calls
- hashmap: do not needlessy change TID when no reshape was done  - string:
HX_basename (the fast variant) now recognizes the root directory  - string:
HX_basename now returns the trailing component with slashes instead of
everything after the last slash (which may have been nothing)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 16 2010 Till Maas <opensource at till.name> - 3.6-1
- really update to latest release
* Mon Aug 16 2010 Till Maas <opensource at till.name> - 3.5-1
- Update to latest release
- remove devel %files %{_includedir} globbing
- Update soname
* Sat Aug  7 2010 Till Maas <opensource at till.name> - 3.4-2
- Use less globbing in %files to detect changes
* Sun May 16 2010 Till Maas <opensource at till.name> - 3.4-1
- Update to new release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split()
        https://bugzilla.redhat.com/show_bug.cgi?id=625866
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list