Debian Security Advisory - The version of mtr as distributed in Debian GNU/Linux 2l1 did not drop root privileges correctly. While there are no known exploits it is conceivable that a weakness in gtk or ncurses could be used to exploit this. Debian security homepage here.
700b8cd7130f87834567c495ee277853ced57c9ca1b4d0cf4ca2798f7791f817
-----BEGIN PGP SIGNED MESSAGE-----
- ------------------------------------------------------------------------
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Wichert Akkerman
March 9, 2000
- ------------------------------------------------------------------------
Package: mtr
Vulnerability type: possible local exploit
Debian-specific: no
The version of mtr as distributed in Debian GNU/Linux 2l1 (aka slink)
did not drop root privileges correctly. While there are no known
exploits it is conceivable that a weakness in gtk or ncurses could be
used to exploit this.
This has been fixed in version 0.28-1, and we recommend that you
upgrade your mtr package.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
- --------------------------------
This version of Debian was released only for Intel ia32, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/mtr_0.28-1.diff.gz
MD5 checksum: a4fd6dbcc3b50914299b5de93d4b4ce8
http://security.debian.org/dists/stable/updates/source/mtr_0.28-1.dsc
MD5 checksum: 4570f1d02c68225e5819c0d41a9efb45
http://security.debian.org/dists/stable/updates/source/mtr_0.28.orig.tar.gz
MD5 checksum: 40074f51f01fbd295f330401175f9223
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/mtr_0.28-1_alpha.deb
MD5 checksum: 2aafabb8fe0e618030cdd5a5cab20769
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/mtr_0.28-1_i386.deb
MD5 checksum: b1f0fdfa4d213531bd613b69ebe62b14
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/mtr_0.28-1_m68k.deb
MD5 checksum: 6c2089822ed8283885ccd6ab3564bf08
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/mtr_0.28-1_sparc.deb
MD5 checksum: 024ee70deac4dcb0a78b2cb5eedd287e
These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- --
- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBOMc9/qjZR/ntlUftAQFswAL/awxRlVJUkrIbLnQo0D2H4tBhME6b99yC
dK7x0cmGsWLa/4xkA1gozP/3pHGD77Z9SlFRBADRfBpt6p/PQBkmsYw9JvOcRtm9
ctUvDkwakwMYAIjvEP24pzQKZ3oCQ+Qj
=SKGK
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed