[Bug 1912091] Re: Memory Leak GNU Tar 1.33
** Changed in: tar (Ubuntu Bionic) Status: New => Fix Released ** Changed in: tar (Ubuntu Focal) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
This bug was fixed in the tagged releases https://ubuntu.com/security/notices/USN-5329-1 General changelog: * SECURITY UPDATE: Denial of service (LP: #1912091) - debian/patches/CVE-2021-20193.patch: in read_header method in src/list.c, change the return value to be the value of status and break the execution, jumping to free next_long_name and next_long_link before returning. - CVE-2021-20193 ** Also affects: tar (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: tar (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: tar (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: tar (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: tar (Ubuntu Trusty) Status: New => Fix Released ** Changed in: tar (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
The fix is in the newer version which is included in the current Ubuntu https://bugs.launchpad.net/ubuntu/+source/tar/1.34+dfsg-1 it still need to be applied to older series though ** Changed in: tar (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
** Changed in: tar (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
** Changed in: tar (Ubuntu) Importance: Undecided => Low ** Tags removed: security tar ** Tags added: focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
Update: CVE-2021-20193 has been assigned to this vulnerability by Red Hat Security team. --- Carlos ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20193 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1912091] Re: Memory Leak GNU Tar 1.33
Update This vulnerability has been discussed with the developer. Developer has released a public fix. Original Post in GNU TAR Project: https://savannah.gnu.org/bugs/?59897 Commit with fix: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 This thread can go public now. ** Bug watch added: GNU Savannah Bug Tracker #59897 http://savannah.gnu.org/bugs/?59897 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912091 Title: Memory Leak GNU Tar 1.33 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs