All errata/sisyphus/ALT-PU-2019-1004-1
ALT-PU-2019-1004-1

Package update tar in branch sisyphus

Version1.31-alt1
Task#218907
Published2019-01-03
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2019-01641
MEDIUM4.7

Уязвимость фунции sparse_dump_region архиватора GNU Tar, связанная с чтением за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-04-25Modified: 2023-11-21
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.4
CVSS:2.0/AV:L/AC:M/Au:S/C:N/I:N/A:C
References
CVE-2018-20482
MEDIUM4.7

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Published: 2018-12-26Modified: 2024-11-21
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References