
Fedora alert FEDORA-2008-7973 (libHX)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 8 Update: libHX-1.23-1.fc8
Date:  Thu, 11 Sep 2008 17:16:33 +0000
Message-ID:  <20080911171633.690A22E02F2@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7973
2008-09-11 11:06:52
--------------------------------------------------------------------------------

Name        : libHX
Product     : Fedora 8
Version     : 1.23
Release     : 1.fc8
URL         : http://jengelh.hopto.org/files/libHX/
Summary     : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
  /dev/urandom support
- various string, memory and zvec ops

--------------------------------------------------------------------------------
Update Information:

A security flaw in the pam_mount's handling of user defined volumes using the
'luserconf' option has been fixed in this update. The vulnerability allowed
users to arbitrarily mount filesystems at arbitrary locations.

More details about this vulnerability can be found in the announcement message
sent to the pam-mount-user mailinglist at SourceForge:
http://sourceforge.net/mailarchive/message.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr

The pam_mount facility now uses a configuration file written in XML. The
/etc/security/pam_mount.conf file will be converted to
/etc/security/pam_mount.conf.xml during update with
/usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user
configuration files must be converted manually, with the conversion script if
desired. A sample pam_mount.conf.xml file with detailed comments about the
available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml.

Note: This update also introduces a new version of libHX, which is required by
updated pam_mount.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  5 2008 Till Maas <opensource@till.name> - 1.23-1
- Update to latest version
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-2
- Set variable V for make: displays full compiler commandline
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-1
- Update to latest version
* Tue May 27 2008 Till Maas <opensource till name> - 1.17-1
- Update to latest version
* Mon May  5 2008 Till Maas <opensource till name> - 1.15-1
- Update to latest version
- Update description
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.10.2-2
- Autorebuild for GCC 4.3
* Wed Dec 26 2007 Till Maas <opensource till name> - 1.10.2-1
- update to latest version
- fixed bug: https://sourceforge.net/tracker/?func=detail&atid=430...
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #461464 - pam_mount: missing luserconf security checks
        https://bugzilla.redhat.com/show_bug.cgi?id=461464
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
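
An added example, not part of the advisory or of pam_mount: a small audit of a master pam_mount.conf.xml that reports whether the 'luserconf' feature named above is enabled and which mount options user-defined volumes are forced to carry. The <luserconf> and <mntoptions> element names follow pam_mount.conf(5) and should be checked against the installed version; the sample configuration and the HARDENING policy are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a master pam_mount.conf.xml (not taken from the advisory).
SAMPLE_CONF = """<pam_mount>
  <luserconf name=".pam_mount.conf.xml" />
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck" />
  <mntoptions require="nosuid" />
  <volume user="alice" fstype="crypt" path="/dev/sdb1" mountpoint="/home/alice" />
</pam_mount>"""

# Assumed local policy: options every user-defined volume should be forced to carry.
HARDENING = {"nosuid", "nodev"}

def collect_options(root, attr):
    """Union of the comma-separated names in every <mntoptions ATTR="...">."""
    names = set()
    for element in root.iter("mntoptions"):
        names.update(o.strip() for o in element.get(attr, "").split(",") if o.strip())
    return names

def audit(conf_text):
    """Report whether per-user volumes are enabled and how they are constrained."""
    try:
        root = ET.fromstring(conf_text)
    except ET.ParseError:
        # Pre-XML pam_mount.conf syntax: it must be converted before it can be audited.
        return {"format": "legacy", "luserconf_enabled": None,
                "findings": ["not XML; convert the file first"]}
    luser = root.find("luserconf")
    report = {
        "format": "xml",
        "luserconf_enabled": luser is not None,
        "luserconf_name": luser.get("name") if luser is not None else None,
        "missing_required": sorted(HARDENING - collect_options(root, "require")),
        "findings": [],
    }
    if report["luserconf_enabled"]:
        report["findings"].append(
            "luserconf enabled: users may define volumes in ~/" + str(report["luserconf_name"]))
        if report["missing_required"]:
            report["findings"].append(
                "user volumes not forced to: " + ",".join(report["missing_required"]))
    return report

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF)["findings"]:
        print(line)
```

Run it against the text of /etc/security/pam_mount.conf.xml after the update; a "legacy" result means the file is still in the old format.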

