Description of Problem:

Possible traceroute6 security flaw, demo follows
n.b. you need the ipv6 module loaded (luckily?)

[chris@localhost chris]$ /usr/sbin/traceroute6 ::1 8
traceroute to ::1 (::1) from ::1, 30 hops max, 8 byte packets
Segmentation fault

How Reproducible:

Every time

Steps to Reproduce:
As above.

Additional Information:
Looking at the code, this looks to be a heap mismanagement
flaw - data is written over the end of a malloc chunk. May
or may not be exploitable.
Note that traceroute6 drops root privs and just retains a
raw socket, so severity is limited.
I will notify vendor-sec shortly and cc: Alexey (iputils
maintainer).
Note, there might be other issues, I caught this via a
quick sanity scan since traceroute6 is a new suid-root
binary in RH7.2beta3