Package tar updated to version 1.30.0.38.3c2a-alt1 for branch sisyphus in task 218640.

Published: 2018-12-26

BDU:2019-01641

Уязвимость фунции sparse_dump_region архиватора GNU Tar, связанная с чтением за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.7) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-20482

Published: 2018-12-26
Modified: 2024-11-21

CVE-2018-20482

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Package tar update in sisyphus on 2018-12-27

ALT-PU-2018-2972-1

Closed vulnerabilities

BDU:2019-01641

CVE-2018-20482