ia32-libs contains vulnerable version of libglib2.0-0 in hardy

Bug #400791 reported by Joel Ebel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
ia32-libs (Ubuntu) | Invalid | Undecided | Unassigned |
Hardy | Fix Released | High | Jamie Strandboge |

Bug Description

Binary package hint: ia32-libs

Hardy ia32-libs package contains libglib2.0-0 version 2.16.3-1ubuntu1 which is vulnerable to malformed base64 conversions as per CVE-2008-4316. This was fixed in version 2.16.6-0ubuntu1.1 but ia32-libs was not updated.

There appear to be a multitude of inconsistencies in the ia32-libs package, and I have not confirmed which version bumps were security related, but surely others are as well. Here's a complete list of out-of-date packages in ia32-libs in hardy.

gcc-4.2-base
gtk2-engines-murrine
gtk2-engines-pixbuf
gtk2-engines-ubuntulooks
gtk2-engines
libartsc0
libc6-dev
libc6
libcairo2
libcupsimage2
libcupsys2
libdbus-1-3
libexif12
libfreetype6
libgcc1
libglib2.0-0 (both updated externally and forked internally)
libgnutls13
libgphoto2-2
libgphoto2-port0
libgtk2.0-0
libhal1
libkrb53
liblcms1
libldap-2.4-2
libpam0g
libpango1.0-0
libpcre3
libpng12-0
libqt4-core
libqt4-gui
libsasl2-2
libsdl-mixer1.2
libsndfile1
libssl0.9.8
libstdc++6
libtiff4
libwmf0.2-7
libxml2
libxslt1.1

Since updating ia32-libs doesn't require any patching, as that has already been done, I would encourage that the package be updated to fix this and likely other security vulnerabilities.

visibility: private → public
Changed in ia32-libs (Ubuntu):
status: New → Confirmed
Colin Watson (cjwatson) wrote :

For the sake of bookkeeping I'm marking this as Invalid in Karmic, since this is fairly specifically about Hardy - I've created a bug task on Hardy for this.

Changed in ia32-libs (Ubuntu Hardy):
status: New → Confirmed
Changed in ia32-libs (Ubuntu):
status: Confirmed → Invalid
Changed in ia32-libs (Ubuntu Hardy):
importance: Undecided → High
Changed in ia32-libs (Ubuntu Hardy):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.2ubuntu11.2

---------------
ia32-libs (2.2ubuntu11.2) hardy-security; urgency=low

  * SECURITY UPDATE: Refresh packages which pulls in glib2 and a whole bunch
    of other security fixes (LP: #400791)

 -- Jamie Strandboge <email address hidden> Fri, 07 Aug 2009 09:28:54 +0000

Changed in ia32-libs (Ubuntu Hardy):
status: Fix Committed → Fix Released
Joseph Schmitz (hallab) wrote :

Installing the package I get the following error:
"
E: /var/cache/apt/archives/ia32-libs_2.2ubuntu11.2_amd64.deb: failed in buffer_write(fd) (10, ret=-1)
"

Changed in ia32-libs (Ubuntu Hardy):
status: Fix Released → Incomplete
Jamie Strandboge (jdstrand) wrote :

Closing due to lack of response from reporter.

Changed in ia32-libs (Ubuntu Hardy):
status: Incomplete → Fix Released
Andrew Pollock (apollock) wrote :

It's unclear to me what response you were waiting on from the reporter?

Jamie Strandboge (jdstrand) wrote :

Andrew, you are right. I apparently got my signals crossed.

Joseph,
Your issue appears to be a local issue and not a packaging problem. If this is in error and you have steps to reproduce the problem, please reopen. Thanks
