ia32-libs contains vulnerable version of libglib2.0-0 in hardy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ia32-libs (Ubuntu) | Invalid | Undecided | Unassigned |
Hardy | Fix Released | High | Jamie Strandboge |
Bug Description
Binary package hint: ia32-libs
Hardy ia32-libs package contains libglib2.0-0 version 2.16.3-1ubuntu1 which is vulnerable to malformed base64 conversions as per CVE-2008-4316. This was fixed in version 2.16.6-0ubuntu1.1 but ia32-libs was not updated.
There appear to be a multitude of inconsistencies in the ia32-libs package, and I have not confirmed which version bumps were security related, but surely others are as well. Here's a complete list of out-of-date packages in ia32-libs in hardy.
gcc-4.2-base
gtk2-engines-
gtk2-engines-pixbuf
gtk2-engines-
gtk2-engines
libartsc0
libc6-dev
libc6
libcairo2
libcupsimage2
libcupsys2
libdbus-1-3
libexif12
libfreetype6
libgcc1
libglib2.0-0 (both updated externally and forked internally)
libgnutls13
libgphoto2-2
libgphoto2-port0
libgtk2.0-0
libhal1
libkrb53
liblcms1
libldap-2.4-2
libpam0g
libpango1.0-0
libpcre3
libpng12-0
libqt4-core
libqt4-gui
libsasl2-2
libsdl-mixer1.2
libsndfile1
libssl0.9.8
libstdc++6
libtiff4
libwmf0.2-7
libxml2
libxslt1.1
Since updating ia32-libs doesn't require any patching, as that has already been done, I would encourage that the package be updated to fix this and likely other security vulnerabilities.
visibility: private → public
Changed in ia32-libs (Ubuntu):
status: New → Confirmed
Changed in ia32-libs (Ubuntu Hardy):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Fix Committed
For the sake of bookkeeping I'm marking this as Invalid in Karmic, since this is fairly specifically about Hardy - I've created a bug task on Hardy for this.