[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora 8 Update: libHX-1.23-1.fc8



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7973
2008-09-11 11:06:52
--------------------------------------------------------------------------------

Name        : libHX
Product     : Fedora 8
Version     : 1.23
Release     : 1.fc8
URL         : http://jengelh.hopto.org/files/libHX/
Summary     : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
  /dev/urandom support
- various string, memory and zvec ops

--------------------------------------------------------------------------------
Update Information:

A security flaw in the pam_mount's handling of user defined volumes using the
'luserconf' option has been fixed in this update. The vulnerability allowed
users to arbitrarily mount filesystems at arbitrary locations.    More details
about this vulnerability can be found in the announcement message sent to the
pam-mount-user mailinglist at SourceForge: http://sourceforge.net/mailarchive/me
ssage.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.
qr    The pam_mount facility now uses a configuration file written in XML. The
/etc/security/pam_mount.conf file will be converted to
/etc/security/pam_mount.conf.xml  during update with
/usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user
configuration files must be converted manually, with the conversion script if
desired. A sample pam_mount.conf.xml file with detailed comments about the
available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml.
Note: This update also introduces a new version of libHX, which is required by
updated pam_mount.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  5 2008 Till Maas <opensource till name> - 1.23-1
- Update to latest version
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-2
- Set variable V for make: displays full compiler commandline
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-1
- Update to latest version
* Tue May 27 2008 Till Maas <opensource till name> - 1.17-1
- Update to latest version
* Mon May  5 2008 Till Maas <opensource till name> - 1.15-1
- Update to latest version
- Update description
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng fedoraproject org> - 1.10.2-2
- Autorebuild for GCC 4.3
* Wed Dec 26 2007 Till Maas <opensource till name> - 1.10.2-1
- update to latest version
- fixed bug: https://sourceforge.net/tracker/?func=detail&atid=430593&aid=1845721&group_id=41452
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #461464 - pam_mount: missing luserconf security checks
        https://bugzilla.redhat.com/show_bug.cgi?id=461464
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]