** Changed in: tar (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: tar (Ubuntu Focal)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912091
This bug was fixed in the tagged releases
https://ubuntu.com/security/notices/USN-5329-1
General changelog:
  * SECURITY UPDATE: Denial of service (LP: #1912091)
    - debian/patches/CVE-2021-20193.patch: in read_header method in
      src/list.c, change the return value to be the value of status
The fix is in the newer version which is included in the current Ubuntu
https://bugs.launchpad.net/ubuntu/+source/tar/1.34+dfsg-1
It still needs to be applied to older series, though.
** Changed in: tar (Ubuntu)
Status: Triaged => Fix Released
** Changed in: tar (Ubuntu)
Status: New => Triaged
Title:
Memory Leak GNU Tar 1.33
** Changed in: tar (Ubuntu)
Importance: Undecided => Low
** Tags removed: security tar
** Tags added: focal
Update:
CVE-2021-20193 has been assigned to this vulnerability by Red Hat
Security team.
---
Carlos
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-20193
Update
This vulnerability has been discussed with the developer.
Developer has released a public fix.
Original Post in GNU TAR Project:
https://savannah.gnu.org/bugs/?59897
Commit with fix:
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
This thread