UbuntuUpdates.org

Package "inetutils-traceroute"

Name: inetutils-traceroute

Description:

trace the IPv4 route to another host

Latest version: 2:1.9.4-11ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: inetutils
Homepage: https://www.gnu.org/software/inetutils/

Links


Download "inetutils-traceroute"


Other versions of "inetutils-traceroute" in Focal

Repository Area Version
base universe 2:1.9.4-11
security universe 2:1.9.4-11ubuntu0.2

Changelog

Version: 2:1.9.4-11ubuntu0.2 2023-08-22 19:06:54 UTC

  inetutils (2:1.9.4-11ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: NULL dereference DoS
    - debian/patches/CVE-2022-39028.patch: fix remote DoS
      in inetutils-telnetd in telnetd/state.c.
    - CVE-2022-39028
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2023-40303.patch: check setuid, setguid return values
      in ftpd/ftpd.c, src/rpc.c, src/rlogin.c, src/rsh.c, src/rshd.c,
      src/uucpd.c.
    - CVE-2023-40303

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 15 Aug 2023 13:26:59 -0300

Source diff to previous version
CVE-2022-39028 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In
CVE-2023-40303 GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, r

Version: 2:1.9.4-11ubuntu0.1 2021-08-19 19:06:25 UTC

  inetutils (2:1.9.4-11ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary remote code execution
    - debian/patches/CVE-2020-10188.patch: telnetd: Fix arbitrary remote code
      execution via short writes or urgent data.
    - CVE-2020-10188

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 16 Aug 2021 13:33:08 +0000

CVE-2020-10188 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a bu



About   -   Send Feedback to @ubuntu_updates