[ALSA-2023:2898] Moderate: libtar security update
Type:
security
Severity:
moderate
Release date:
2023-05-19
Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Security Fix(es): * libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643) * libtar: out-of-bounds read in gnu_longname (CVE-2021-33644) * libtar: memory leak found in th_read() function (CVE-2021-33645) * libtar: memory leak found in th_read() function (CVE-2021-33646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 libtar-1.2.20-17.el8.aarch64.rpm db085efdf7ecc7f38bc6daf90541df3057b5761142088a0212a75ed1c4dc4809
i686 libtar-1.2.20-17.el8.i686.rpm 3ed846e9c2821ff84e32c62261218290c52e7f68160eff7149acfe071b55a95a
ppc64le libtar-1.2.20-17.el8.ppc64le.rpm 8ec12b5b7da86b902e9e1651da3ac1e9b78569f1d2fc1ca620bfbdd645beef6b
s390x libtar-1.2.20-17.el8.s390x.rpm 15397b92adf3c3dab01d9f60b1563ac292905e995c3f44d32e6e3699380660df
x86_64 libtar-1.2.20-17.el8.x86_64.rpm 2cc79dd98a436b0add34bdb62b7267602dbdfee3c5847992f0bcc26ec7175d94
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.