tar-1.34-6.el9

エラータID: AXSA:2023-5176:02

Release date: 
Wednesday, March 1, 2023 - 00:39
Subject: 
tar-1.34-6.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The GNU tar program can save multiple files in an archive and restore files from an archive.

Security Fix(es):

* tar: heap buffer overflow at from_header() in list.c via specially crafted checksum (CVE-2022-48303)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.

Solution: 

Update packages.

CVEs: 
CVE-2022-48303
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
Additional Info: 

N/A

Download: 

SRPMS
  1. tar-1.34-6.el9.src.rpm
    MD5: 4a75073bc1d3cff5a8a69b9e4ac90bba
    SHA-256: 5218d6f32b3d6d3b0d181d3233d5b2f093af4c49930d7abc251a7d1b32eeb372
    Size: 2.15 MB

Asianux Server 9 for x86_64
  1. tar-1.34-6.el9.x86_64.rpm
    MD5: e3776e55db695e4f28069f453a7b8b0d
    SHA-256: ee5328911704069fa8c83375a8a86d67d93f33a8109d8184eba459cfee59a910
    Size: 875.22 kB