|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[tcptra-dev] tcptraceroute-1.5beta4
|
tcptraceroute-1.5beta4 is now available at:
<http://michael.toren.net/code/tcptraceroute/tcptraceroute-1.5beta4.tar.gz>
The changelog states:
A call to seteuid() has been replaced with a call to setuid() to fully
drop root privileges. As there are currently no known exploitable
portions of tcptraceroute, older versions are still believed to be
safe even without fully dropping privileges, however users are still
encouraged to upgrade to provide a measure of containment in the event
that an exploitable flaw is discovered in the future. Reported by
David Coe <davidc@debian.org> and Matt Zimmerman <mdz@debian.org>,
and published in Debian Security Advisory DSA 330-1.
AC_FUNC_REALLOC was commented out of configure.ac, which was failing on
IRIX badly systems. The xrealloc() function in tcptraceroute already
works around the realloc(0,0) case that AC_FUNC_REALLOC is attempting
to prevent against, anyway. Reported by Petter Reinholdtsen
<pere@hungry.com>.
As always, feedback is very much appreciated. If I don't hear of any
further problems in the next 24 to 36 hours or so, I plan on releasing
tcptraceroute-1.5beta4 as tcptraceroute-1.5.
Thanks,
-mct
_______________________________________________
tcptraceroute-dev mailing list
tcptraceroute-dev@netisland.net
https://lists.netisland.net/mailman/listinfo/tcptraceroute-dev
|
|