From debian-security-announce@LISTS.DEBIAN.ORG Fri Oct 13 12:36:24 2000 From: debian-security-announce@LISTS.DEBIAN.ORG To: BUGTRAQ@SECURITYFOCUS.COM Date: Thu, 12 Oct 2000 22:03:35 -0700 Reply-To: security@debian.org Subject: [BUGTRAQ] [SECURITY] New versions of Debian traceroute packages -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Advisory security@debian.org http://www.debian.org/security/ Daniel Jacobowitz October 13, 2000 - ---------------------------------------------------------------------------- Package: traceroute Vulnerability: local root exploit Debian-specific: no Vulnerable: yes In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error. This problem is fixed in version 1.4a5-3, uploaded to Debian's unstable distribution on August 24, 2000. Fixed packages are now also available in proposed-updates and will be included in the next revision of Debian/2.2 (potato). The traceroute-nanog package is unaffected by this problem. Debian GNU/Linux 2.1 alias slink - -------------------------------- Slink contains an earlier version of traceroute, which is not affected by this problem. Debian GNU/Linux 2.2 (stable) alias potato - ------------------------------------------ Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0, PowerPC and Sun SPARC architectures, and will be included in 2.2r1. Source archives: http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.diff.gz MD5 checksum: fa0c426fa84bf54ec33093bae90c1fdf http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.dsc MD5 checksum: 4bd7bc9ec1894c75e7ccba51e6a91cc6 http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5.orig.tar.gz MD5 checksum: db5724df8d01b6c75aefe704e06e8160 Alpha architecture: http://security.debian.org/dists/potato/updates/main/binary-alpha/traceroute_1.4a5-3_alpha.deb MD5 checksum: 6b3f20ecb08276c15715ae54ef8be0c7 ARM architecture: http://security.debian.org/dists/potato/updates/main/binary-arm/traceroute_1.4a5-3_arm.deb MD5 checksum: 3e92eb865b388769da00a5cb3297a862 Intel ia32 architecture: http://security.debian.org/dists/potato/updates/main/binary-i386/traceroute_1.4a5-3_i386.deb MD5 checksum: feba02e20848bdfafa6bf7dd9c594eba Motorola 680x0 architecture: http://security.debian.org/dists/potato/updates/main/binary-m68k/traceroute_1.4a5-3_m68k.deb MD5 checksum: fdc5a6ed3cd97067c4b7e1ddf7945287 PowerPC architecture: http://security.debian.org/dists/potato/updates/main/binary-powerpc/traceroute_1.4a5-3_powerpc.deb MD5 checksum: 3cb1524fccc1eb0e011ec17d2d2a1407 Sun Sparc architecture: http://security.debian.org/dists/potato/updates/main/binary-sparc/traceroute_1.4a5-3_sparc.deb MD5 checksum: a9f078c807e52ab1a68bdeba0d364be1 Debian GNU/Linux Unstable alias woody - ------------------------------------- This version of Debian is not yet released. Fixes are currently available for Alpha, Intel ia32, Motorola 680x0, PowerPC and the Sun SPARC architectures, in the Debian archives. The stable packages listed above are also installable on current unstable systems. - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable updates/main Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOeaXFz5fjwqn/34JAQEvDAP+MlJ7Zh/CeeTcp8BWDF7C1n4wYYIOCNbB 63jwvhhO3mgVKbv+4e1TscGeODKfjU6LHmkZBqamLUIF84El4rxcn+0R3DBu+KNE cq/dRKFNHhyB6AXS1u3+tFdj7sa+D7FeHhArRLHFPf5myOneVf5GZwHYNG3xl0cz oQbAWek2wa0= =TrOL -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org