LBNL Traceroute Heap Corruption Vulnerability

Solution:
Mandrake:

You can download the updates directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates

Linux-Mandrake 6.0:
1a4fa31d17673a14a19cc314109fea6f 6.0/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 6.0/SRPMS/traceroute-1.4a5-12mdk.src.rpm

Linux-Mandrake 6.1:
ff46d392fa729585f04ac4e00e9c55aa 6.1/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 6.1/SRPMS/traceroute-1.4a5-12mdk.src.rpm

Linux-Mandrake 7.0:
016b778a737cc26eab3b6c59757e135c 7.0/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 7.0/SRPMS/traceroute-1.4a5-12mdk.src.rpm

Linux-Mandrake 7.1:
956f739b513e353683f7a923ea716d06 7.1/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 7.1/SRPMS/traceroute-1.4a5-12mdk.src.rpm

Connectiva:

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/traceroute-1.4a7-2cl.i386.rpm

Caldera:

OpenLinux Desktop 2.3

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

Verification

10a0865014f9a7adde15b1273a613672 RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm

OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

Verification

8f65446f8da688c94d7a1090579b987c RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm

OpenLinux eDesktop 2.4

Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

Verification

45cd9ac95771a444ace0e2275789ba11 RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm

Debian:

Apt: deb http://http.us.debian.org/debian dists/proposed-updates/
Http: http://http.us.debian.org/debian/dists/proposed-updates

fa0c426fa84bf54ec33093bae90c1fdf traceroute_1.4a5-3.diff.gz
4bd7bc9ec1894c75e7ccba51e6a91cc6 traceroute_1.4a5-3.dsc
6b3f20ecb08276c15715ae54ef8be0c7 traceroute_1.4a5-3_alpha.deb
feba02e20848bdfafa6bf7dd9c594eba traceroute_1.4a5-3_i386.deb
fdc5a6ed3cd97067c4b7e1ddf7945287 traceroute_1.4a5-3_m68k.deb

Trustix Secure Linux 1.1 (1.0 users should upgrade to 1.1):

The new packages can be found at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/

Packages:

* traceroute-1.4a5-18tr.i586.rpm
- Fixes local exploit recently discussed on bugtraq.

Immunix has released security updates for Immunix 6.2:

http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/traceroute-1.4a5-24.6x_StackGuard.i386.rpm

or

http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/traceroute-1.4a5-24.6x_StackGuard.src.rpm

md5sums of the packages:

cb497c4c15ca728056d5e20d4378a3f0 traceroute-1.4a5-24.6x_StackGuard.i386.rpm
28e3976fde67394f7703d329aedfbe4a traceroute-1.4a5-24.6x_StackGuard.src.rpm

Debian:

Debian GNU/Linux 2.2 (stable) alias potato
- ------------------------------------------

Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r1.

Source archives:
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.diff.gz
MD5 checksum: fa0c426fa84bf54ec33093bae90c1fdf
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.dsc
MD5 checksum: 4bd7bc9ec1894c75e7ccba51e6a91cc6
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5.orig.tar.gz
MD5 checksum: db5724df8d01b6c75aefe704e06e8160

Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/traceroute_1.4a5-3_alpha.deb
MD5 checksum: 6b3f20ecb08276c15715ae54ef8be0c7

ARM architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/traceroute_1.4a5-3_arm.deb
MD5 checksum: 3e92eb865b388769da00a5cb3297a862

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/traceroute_1.4a5-3_i386.deb
MD5 checksum: feba02e20848bdfafa6bf7dd9c594eba

Motorola 680x0 architecture:
http://security.debian.org/dists/potato/updates/main/binary-m68k/traceroute_1.4a5-3_m68k.deb
MD5 checksum: fdc5a6ed3cd97067c4b7e1ddf7945287

PowerPC architecture:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/traceroute_1.4a5-3_powerpc.deb
MD5 checksum: 3cb1524fccc1eb0e011ec17d2d2a1407

Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/traceroute_1.4a5-3_sparc.deb
MD5 checksum: a9f078c807e52ab1a68bdeba0d364be1

S.u.S.E. Linux:

i386 Intel Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2000.10.4-0.i386.rpm
6c8f713a071a96c287942f880cd5919c
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm
c01db9ee70a9ac01cba1bace93cfdd16

SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/nkitb-2000.10.4-0.i386.rpm
321b78de11928a3361edf0a044721383
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
61aa9e2e4272606d2bd70828a72c957c

SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/nkita-2000.10.4-0.i386.rpm
6c5932e4083de6f499e4c77fcadbffc1
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nkita-2000.10.4-0.src.rpm
9debb8804293384057d69254614a1496

SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/nkita-2000.10.4-0.i386.rpm
49269283c6d39a234f61303b2e918413
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/nkita-2000.10.4-0.src.rpm
1cc00eb9b37b37a51fc249db3b51f6e1

SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/nkita-2000.10.4-0.i386.rpm
2fe1c6d70fcf1272da95f33ad7ad1010
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/nkita-2000.10.4-0.src.rpm
74d6f2e623b7fcac1b0881b1bfbe0880

SuSE-6.0
Please use the update packages from the 6.1 distribution.

Sparc Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/nkitb-2000.10.4-0.sparc.rpm
e9bc3512b6182f540e74308c02d81f65
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm
8fba03e9cef63ae076b10fb61c800e39

AXP Alpha Platform:

SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/nkitb-2000.10.4-0.alpha.rpm
7850969c7b3beaf3fd1ce8b2a9246be0
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
6e5a964177b6cf87524119c747f0220b

SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/nkita-2000.10.4-0.alpha.rpm
6440a6a7da903829cff57a5f8c7cda91
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nkita-2000.10.4-0.src.rpm
53bf05462378c384e8a46f3c6c368c67

PPC Power PC Platform:

SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2000.10.5-0.ppc.rpm
407d1c6731228f5d3e9addd108d31224
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2000.10.5-0.src.rpm
8fba03e9cef63ae076b10fb61c800e39

SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/nkitb-2000.10.4-0.ppc.rpm
c432a5b8d37640be6e325ef9603f9cba
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
edf24c1989c85616d1caf53872e61f17

TurboLinux:

6.0:

ftp://ftp.turbolinux.com/pub/updates/6.0/traceroute-1.4a7-2.i386.rpm



 

Privacy Statement
Copyright 2010, SecurityFocus