Advisories » MGASA-2021-0233

Updated tar package fix a security vulnerability

Publication date: 08 Jun 2021
Modification date: 07 Jun 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-20193

Description

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability (CVE-2021-20193).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29049
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XRDSUUE3LUKBDRLPB7GTT5QZRPV5J7O4/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193

SRPMS

8/core

• tar-1.33-2.1.mga8

7/core

• tar-1.32-1.1.mga7