Debian Security Advisory: New versions of Debian traceroute packagesOct 13, 2000, 07:47 (0 Talkback[s])
Date: Fri, 13 Oct 2000 01:02:08 -0400
Debian Security Advisory firstname.lastname@example.org http://www.debian.org/security/ Daniel Jacobowitz October 13, 2000
Package: traceroute Vulnerability: local root exploit Debian-specific: no Vulnerable: yesIn versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.
This problem is fixed in version 1.4a5-3, uploaded to Debian's unstable distribution on August 24, 2000. Fixed packages are now also available in proposed-updates and will be included in the next revision of Debian/2.2 (potato).
The traceroute-nanog package is unaffected by this problem.
Debian GNU/Linux 2.1 alias slink
Slink contains an earlier version of traceroute, which is not affected by this problem.
Debian GNU/Linux 2.2 (stable) alias potato
Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and Sun SPARC architectures, and will be included in 2.2r1.
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
Debian GNU/Linux Unstable alias woody
This version of Debian is not yet released.
Fixes are currently available for Alpha, Intel ia32, Motorola 680x0, PowerPC and the Sun SPARC architectures, in the Debian archives. The stable packages listed above are also installable on current unstable systems.
For apt-get: deb http://security.debian.org/ stable updates/main
Mailing list: email@example.com