Advisories » MGASA-2019-0034

GNU tar has been updated to fix CVE-2018-20482

Publication date: 11 Jan 2019
Modification date: 11 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20482

Description

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
during read access, which allows local users to cause a denial of
service (infinite read loop in sparse_dump_region in sparse.c) by
modifying a file that is supposed to be archived by a different user's
process (e.g., a system backup running as root).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24117
• https://lists.gnu.org/archive/html/bug-tar/2019-01/msg00000.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482

SRPMS

6/core

• tar-1.31-1.mga6