LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-7976 (libHX)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: libHX-1.23-1.fc9


Date:
    	      Thu, 11 Sep 2008 17:17:03 +0000


Message-ID:
    	      <20080911171703.B27742E040C@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7976
2008-09-11 11:07:05
--------------------------------------------------------------------------------

Name        : libHX
Product     : Fedora 9
Version     : 1.23
Release     : 1.fc9
URL         : http://jengelh.hopto.org/files/libHX/
Summary     : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
  /dev/urandom support
- various string, memory and zvec ops

--------------------------------------------------------------------------------
Update Information:

A security flaw in the pam_mount's handling of user defined volumes using the
'luserconf' option has been fixed in this update. The vulnerability allowed
users to arbitrarily mount filesystems at arbitrary locations.    More details
about this vulnerability can be found in the announcement message sent to the
pam-mount-user mailinglist at SourceForge: http://sourceforge.net/mailarchive/me
ssage.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.
qr    Upstream changelog (excluding the git shortlog) for versions 0.43-0.47:
- mount.crypt: fix option slurping (SF bug #2054323)  - properly handle simple
sgrp config items (Debian bug #493497)  - src: correct error check in run_lsof()
- conf: check that slash follows home tilde  - conf: wildcard inadvertently
matched root sometimes  - fix double-freeing the authentication token  - use ofl
instead of lsof/fuser  - kill-on-logout support (terminate processes that would
stand in the    way of unmounting)  - mount.crypt: auto-detect necessity for
running losetup  - mount.crypt: add missing null command to conform to sh syntax
(SF bug #2089446)  - conf: fix printing of strings when luser volume options
were not ok  - conf: re-add luserconf security checks  - add support for encfs
1.3.x (1.4.x already has been in for long)  - conf: add the "noroot" attribute
for <volume> to force mounting with    the unprivileged user account (required
for FUSE filesystems)  - replace fixed-size buffers and arrays with dynamic ones
(complete)    Note: This update also introduces a new version of libHX, which is
required by updated pam_mount.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  5 2008 Till Maas <opensource@till.name> - 1.23-1
- Update to latest version
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-2
- Set variable V for make: displays full compiler commandline
* Wed Jun 11 2008 Till Maas <opensource till name> - 1.18-1
- Update to latest version
* Tue May 27 2008 Till Maas <opensource till name> - 1.17-1
- Update to latest version
* Mon May  5 2008 Till Maas <opensource till name> - 1.15-1
- Update to latest version
- Update description
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #461464 - pam_mount: missing luserconf security checks
        https://bugzilla.redhat.com/show_bug.cgi?id=461464
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds