| Summary: | traceroute new security issue CVE-2023-46316 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | traceroute-2.1.2-1.mga9.src.rpm | CVE: | CVE-2023-46316 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-05-02 11:24:48 CEST
Nicolas Salguero
2024-05-02 11:25:19 CEST
Status comment:
(none) =>
Fixed upstream in 2.1.3 Suggested advisory: ======================== The updated package fixes a security vulnerability: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. (CVE-2023-46316) References: https://lwn.net/Articles/971676/ ======================== Updated package in core/updates_testing: ======================== traceroute-2.1.3-1.mga9 from SRPM: traceroute-2.1.3-1.mga9.src.rpm Status:
NEW =>
ASSIGNED
PC LX
2024-05-02 18:01:00 CEST
CC:
(none) =>
mageia
katnatek
2024-05-02 19:32:51 CEST
Keywords:
(none) =>
advisory RH mageia 9 x86_64 Output of traceroute mageia.org before and after the update looks quite similar (some few fluctuations in times are expected) Not additional test information in previous round So I think is OK
katnatek
2024-05-04 04:59:20 CEST
CC:
(none) =>
andrewsfarm
katnatek
2024-05-04 04:59:32 CEST
Whiteboard:
(none) =>
MGA9-64-OK Validating. CC:
(none) =>
sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0168.html Resolution:
(none) =>
FIXED |