USN-6478-1: Traceroute vulnerability
14 November 2023
Traceroute could be made to execute arbitrary commands.
Releases
Packages
- traceroute - Traces the route taken by packets over an IPv4/IPv6 network
Details
It was discovered that Traceroute did not properly parse command
line arguments. An attacker could possibly use this issue to
execute arbitrary commands.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
traceroute
-
1:2.1.0-2ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04
-
traceroute
-
1:2.1.0-2ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04
-
traceroute
-
1:2.1.0-2ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
traceroute
-
1:2.0.21-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
traceroute
-
1:2.0.20-0ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.