tar-1.30-6.el8.1

エラータID: AXSA:2023-5142:01

Release date: 
Wednesday, February 22, 2023 - 01:32
Subject: 
tar-1.30-6.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The GNU tar program can save multiple files in an archive and restore files from an archive.

Security Fix(es):

* tar: heap buffer overflow at from_header() in list.c via specially crafted checksum (CVE-2022-48303)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Solution: 

Update packages.

CVEs: 
CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Additional Info: 

N/A

Download: 

SRPMS
  1. tar-1.30-6.el8.1.src.rpm
    MD5: 52070f3dca8465e09566aa3597e79e79
    SHA-256: 55038c83e157da5b08378ef5ae7ee297d9b4e11c78bf6bdef2a2a5b12abcc225
    Size: 2.06 MB

Asianux Server 8 for x86_64
  1. tar-1.30-6.el8.1.x86_64.rpm
    MD5: 35154f228fadb6f6f2f9430e94e8f558
    SHA-256: b2371b84fca4fd494bde679d9a1f39b3cf3c2913100b979f960f83ead598bb3d
    Size: 837.32 kB