---

Home Security

Debian Security Advisory: New versions of Debian traceroute packages

By

Date: Fri, 13 Oct 2000 01:02:08 -0400
From: Daniel Jacobowitz drow@drow.them.org
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] New versions of Debian traceroute packages

Debian Security Advisory                                 security@debian.org
http://www.debian.org/security/                            Daniel Jacobowitz
October 13, 2000

 
Package: traceroute
Vulnerability: local root exploit
Debian-specific: no
Vulnerable: yes

In versions of the traceroute package before 1.4a5-3, it is
possible for a local user to gain root access by exploiting an
argument parsing error.

This problem is fixed in version 1.4a5-3, uploaded to Debian’s
unstable distribution on August 24, 2000. Fixed packages are now
also available in proposed-updates and will be included in the next
revision of Debian/2.2 (potato).

The traceroute-nanog package is unaffected by this problem.

Debian GNU/Linux 2.1 alias slink

Slink contains an earlier version of traceroute, which is not
affected by this problem.

Debian GNU/Linux 2.2 (stable) alias potato

Fixes are currently available for the Alpha, ARM, Intel ia32,
Motorola 680×0, PowerPC and Sun SPARC architectures, and will be
included in 2.2r1.

Source archives:

http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.diff.gz

MD5 checksum: fa0c426fa84bf54ec33093bae90c1fdf

http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.dsc

MD5 checksum: 4bd7bc9ec1894c75e7ccba51e6a91cc6

http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5.orig.tar.gz

MD5 checksum: db5724df8d01b6c75aefe704e06e8160

Alpha architecture:

http://security.debian.org/dists/potato/updates/main/binary-alpha/traceroute_1.4a5-3_alpha.deb

MD5 checksum: 6b3f20ecb08276c15715ae54ef8be0c7

ARM architecture:

http://security.debian.org/dists/potato/updates/main/binary-arm/traceroute_1.4a5-3_arm.deb

MD5 checksum: 3e92eb865b388769da00a5cb3297a862

Intel ia32 architecture:

http://security.debian.org/dists/potato/updates/main/binary-i386/traceroute_1.4a5-3_i386.deb

MD5 checksum: feba02e20848bdfafa6bf7dd9c594eba

Motorola 680×0 architecture:

http://security.debian.org/dists/potato/updates/main/binary-m68k/traceroute_1.4a5-3_m68k.deb

MD5 checksum: fdc5a6ed3cd97067c4b7e1ddf7945287

PowerPC architecture:

http://security.debian.org/dists/potato/updates/main/binary-powerpc/traceroute_1.4a5-3_powerpc.deb

MD5 checksum: 3cb1524fccc1eb0e011ec17d2d2a1407

Sun Sparc architecture:

http://security.debian.org/dists/potato/updates/main/binary-sparc/traceroute_1.4a5-3_sparc.deb

MD5 checksum: a9f078c807e52ab1a68bdeba0d364be1

Debian GNU/Linux Unstable alias woody

This version of Debian is not yet released.

Fixes are currently available for Alpha, Intel ia32, Motorola
680×0, PowerPC and the Sun SPARC architectures, in the Debian
archives. The stable packages listed above are also installable on
current unstable systems.

For apt-get: deb http://security.debian.org/ stable
updates/main
Mailing list: debian-security-announce@lists.debian.org

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.