Important Security Update Error
NoOp
glgxg at sbcglobal.net
Sun Jul 26 21:30:36 UTC 2009
On 07/26/2009 02:03 PM, John Graddy wrote:
> I have been out of town for a while, and, when I returned, I had a
> lot of system updates waiting for me. When I tried to install the
> updates, one of them (labeled as an "Important Security Update" got
> the following error message:
>
> W: Failed to fetch
> http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-11ubuntu0.9.04.1_i386.deb
>
>
>
404 Not Found
>
> Is this something that I should worry about? Unfortunately, the
> Update Manager keeps coming back to try to install this failed
> update. Can I stop this from happening?
Looking, I find:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/?C=N;O=A
libtiff4_3.8.2-11ubuntu0.9.04.3_i386.deb
but no libtiff4_3.8.2-11ubuntu0.9.04.1_i386
so I can only guess that it was removed at some point.
Yep:
http://packages.ubuntu.com/jaunty/libtiff4
https://launchpad.net/ubuntu/+source/tiff
>
> 3.8.2-11ubuntu0.9.04.3
> Published in jaunty-updates on 2009-07-13
> Published in jaunty-security on 2009-07-13
>
> tiff (3.8.2-11ubuntu0.9.04.3) jaunty-security; urgency=low
>
> * SECURITY UPDATE: arbitrary code execution via integer overflows in
> tiff2rgba and rgb2ycbcr
> - debian/patches/CVE-2009-2347.patch: check for integer overflows in
> tools/rgb2ycbcr.c and tools/tiff2rgba.c.
> - CVE-2009-2347
>
> -- Marc Deslauriers <email address hidden> Mon, 13 Jul 2009 08:51:22 -0400
>
> Available diffs
>
> * 3.8.2-11ubuntu0.9.04.2 to 3.8.2-11ubuntu0.9.04.3 (2.1 KiB)
>
Try downloading and installing libtiff4_3.8.2-11ubuntu0.9.04.3_i386.deb
instead. You can download it from
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/ go to Nautilus,
double-click and install.
More information about the ubuntu-users
mailing list