RedHat has issued an advisory on April 30: https://lwn.net/Articles/971676/ The problem is fixed in version 2.1.3. Mageia 9 is also affected.
Status comment: (none) => Fixed upstream in 2.1.3Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-46316Source RPM: (none) => traceroute-2.1.2-2.mga10.src.rpm
Suggested advisory: ======================== The updated package fixes a security vulnerability: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. (CVE-2023-46316) References: https://lwn.net/Articles/971676/ ======================== Updated package in core/updates_testing: ======================== traceroute-2.1.3-1.mga9 from SRPM: traceroute-2.1.3-1.mga9.src.rpm
Status: NEW => ASSIGNEDVersion: Cauldron => 9Whiteboard: MGA9TOO => (none)Status comment: Fixed upstream in 2.1.3 => (none)Source RPM: traceroute-2.1.2-2.mga10.src.rpm => traceroute-2.1.2-1.mga9.src.rpmAssignee: bugsquad => qa-bugs
CC: (none) => mageia
Keywords: (none) => advisory
RH mageia 9 x86_64 Output of traceroute mageia.org before and after the update looks quite similar (some few fluctuations in times are expected) Not additional test information in previous round So I think is OK
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0168.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED