contained libssl needs updating for CVE-2008-0166

Bug #231300 reported by Martin Pitt on 2008-05-17
258
Affects Status Importance Assigned to Milestone
ia32-libs (Ubuntu)
High
Martin Pitt
Dapper
Undecided
Unassigned
Feisty
Undecided
Unassigned
Gutsy
High
Ubuntu Security Team
Hardy
High
Ubuntu Security Team
Intrepid
High
Martin Pitt

Bug Description

Binary package hint: ia32-libs

ia32-libs still contains a bad copy of libssl and needs to be updated in all releases.

Martin Pitt (pitti) wrote :

Intrepid is in too much flux ATM; I'll copy over hardy-security to intrepid once the former hits the archive.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → In Progress
Martin Pitt (pitti) wrote :

hardy-security update uploaded, awaiting processing from security team. Note that the package is in universe, so strictly speaking it does not require an USN.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → Fix Committed
Martin Pitt (pitti) wrote :

gutsy update uploaded, awaiting processing.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Dapper's and Feisty's ia32-libs do not contain libssl. Fortunately this coincides nicely with the main->universe demotion in Gutsy. :-)

Changed in ia32-libs:
status: New → Invalid
status: New → Invalid
Scott Ritchie (scottritchie) wrote :

I claim credit for this, by the way ;)

The scope of this should be fairly minor, as the only app that I know of that uses 32 bit libssl under amd64 is Wine, and then only if the user is running an application that requires it (like, say, Windows Firefox or Putty).

Martin Pitt (pitti) on 2008-05-17
Changed in ia32-libs:
assignee: pitti → ubuntu-security
assignee: pitti → ubuntu-security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.2ubuntu11

---------------
ia32-libs (2.2ubuntu11) hardy-security; urgency=low

  * sources.list.deb: Add hardy-updates and -security apt sources.
  * Refresh packages. In particular this picks up the hardy-security libssl,
    which fixes the PRNG vulnerability. [CVE-2008-0166] (LP: #231300)

 -- Martin Pitt <email address hidden> Sat, 17 May 2008 07:47:26 +0000

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.1ubuntu4

---------------
ia32-libs (2.1ubuntu4) gutsy-security; urgency=low

  * sources.list.deb: Add hardy-updates and -security apt sources.
  * Refresh packages. In particular this picks up the gutsy-security libssl,
    which fixes the PRNG vulnerability. [CVE-2008-0166] (LP: #231300)

 -- Martin Pitt <email address hidden> Sat, 17 May 2008 08:12:04 +0000

Changed in ia32-libs:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied hardy-security to intrepid.

Changed in ia32-libs:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers