Ubuntu
ia32-libs package

contained libssl needs updating for CVE-2008-0166

  1. Intrepid (8.10)
  2. Bug #231300
Bug #231300 reported by Martin Pitt
258
Affects Status Importance Assigned to Milestone
ia32-libs (Ubuntu)
Fix Released
High
Martin Pitt
Dapper
Invalid
Undecided
Unassigned
Feisty
Invalid
Undecided
Unassigned
Gutsy
Fix Released
High
Ubuntu Security Team
Hardy
Fix Released
High
Ubuntu Security Team
Intrepid
Fix Released
High
Martin Pitt

Bug Description

Binary package hint: ia32-libs

ia32-libs still contains a bad copy of libssl and needs to be updated in all releases.

Revision history for this message
Martin Pitt (pitti) wrote :

Intrepid is in too much flux ATM; I'll copy over hardy-security to intrepid once the former hits the archive.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

hardy-security update uploaded, awaiting processing from security team. Note that the package is in universe, so strictly speaking it does not require an USN.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

gutsy update uploaded, awaiting processing.

Changed in ia32-libs:
assignee: nobody → pitti
importance: Undecided → High
status: New → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

Dapper's and Feisty's ia32-libs do not contain libssl. Fortunately this coincides nicely with the main->universe demotion in Gutsy. :-)

Changed in ia32-libs:
status: New → Invalid
status: New → Invalid
Revision history for this message
Scott Ritchie (scottritchie) wrote :

I claim credit for this, by the way ;)

The scope of this should be fairly minor, as the only app that I know of that uses 32 bit libssl under amd64 is Wine, and then only if the user is running an application that requires it (like, say, Windows Firefox or Putty).

Martin Pitt (pitti)
Changed in ia32-libs:
assignee: pitti → ubuntu-security
assignee: pitti → ubuntu-security
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.2ubuntu11

---------------
ia32-libs (2.2ubuntu11) hardy-security; urgency=low

  * sources.list.deb: Add hardy-updates and -security apt sources.
  * Refresh packages. In particular this picks up the hardy-security libssl,
    which fixes the PRNG vulnerability. [CVE-2008-0166] (LP: #231300)

 -- Martin Pitt <email address hidden> Sat, 17 May 2008 07:47:26 +0000

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ia32-libs - 2.1ubuntu4

---------------
ia32-libs (2.1ubuntu4) gutsy-security; urgency=low

  * sources.list.deb: Add hardy-updates and -security apt sources.
  * Refresh packages. In particular this picks up the gutsy-security libssl,
    which fixes the PRNG vulnerability. [CVE-2008-0166] (LP: #231300)

 -- Martin Pitt <email address hidden> Sat, 17 May 2008 08:12:04 +0000

Changed in ia32-libs:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Copied hardy-security to intrepid.

Changed in ia32-libs:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.