Advisories ยป MGASA-2019-0034

GNU tar has been updated to fix CVE-2018-20482

Publication date: 11 Jan 2019
Modification date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20482

Description

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
during read access, which allows local users to cause a denial of
service (infinite read loop in sparse_dump_region in sparse.c) by
modifying a file that is supposed to be archived by a different user's
process (e.g., a system backup running as root).
                

References

SRPMS

6/core