Description
Moderate: libtar security update
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
- libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
- libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
- libtar: memory leak found in th_read() function (CVE-2021-33645)
- libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.
Affected products
Rocky Linux 8
References
Fixes
- Red Hat - 2121289
- Red Hat - 2121292
- Red Hat - 2121295
- Red Hat - 2121297
Related vulnerabilities
An attacker who submits a crafted tar file in which the size field of the header struct is 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.
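The condition described above can be screened for before an archive is handed to an unpatched libtar. The following is an added example, not code from libtar or from this advisory: it walks the 512-byte tar headers and counts GNU long-link (`K`) and long-name (`L`) entries whose size field is zero or unparsable. The function names are hypothetical, the offsets are those of the standard ustar header layout, and the sample headers are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 512      /* tar header/data block size */
#define SIZE_OFF 124   /* 12-byte octal size field */
#define TYPE_OFF 156   /* 1-byte typeflag */

/* Parse the octal size field; -1 if it is not plain octal text. */
static long long parse_size(const unsigned char *p) {
    long long v = 0;
    int i = 0;
    while (i < 12 && p[i] == ' ') i++;
    for (; i < 12 && p[i] >= '0' && p[i] <= '7'; i++) v = v * 8 + (p[i] - '0');
    for (; i < 12; i++) if (p[i] != ' ' && p[i] != '\0') return -1;
    return v;
}

/* Count GNU longlink ('K') / longname ('L') headers whose size is zero or
   unparsable: the entries to reject before the archive reaches the library. */
int count_bad_long_headers(const unsigned char *buf, size_t len) {
    static const unsigned char zero[BLOCK];
    int bad = 0;
    size_t off = 0;
    while (off + BLOCK <= len) {
        const unsigned char *h = buf + off;
        if (memcmp(h, zero, BLOCK) == 0) break;   /* end-of-archive block */
        long long size = parse_size(h + SIZE_OFF);
        if ((h[TYPE_OFF] == 'K' || h[TYPE_OFF] == 'L') && size <= 0) bad++;
        if (size < 0) break;                      /* cannot find next header */
        size_t data = ((size_t)size + BLOCK - 1) / BLOCK * BLOCK;
        if (data > len - off - BLOCK) break;      /* truncated archive */
        off += BLOCK + data;
    }
    return bad;
}

/* Build a constructed sample header (not taken from a real archive). */
static void make_header(unsigned char *h, char type, const char *octal_size) {
    memset(h, 0, BLOCK);
    memcpy(h, "entry", 5);
    memcpy(h + SIZE_OFF, octal_size, strlen(octal_size));
    h[TYPE_OFF] = (unsigned char)type;
}

int main(void) {
    unsigned char ar[3 * BLOCK] = {0};
    make_header(ar, 'K', "00000000000");            /* longlink, size 0 */
    make_header(ar + BLOCK, '0', "00000000000");    /* ordinary empty file */
    printf("suspicious long headers: %d\n", count_bad_long_headers(ar, sizeof ar));
    return 0;
}
```

A non-zero return value means the archive should be rejected or quarantined; the check does not replace installing the updated libtar packages.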