This bug was fixed in the tagged releases
https://ubuntu.com/security/notices/USN-5329-1
General changelog:
* SECURITY UPDATE: Denial of service (LP: #1912091)
  - debian/patches/CVE-2021-20193.patch: in read_header method in
    src/list.c, change the return value to be the value of status
    and break the execution, jumping to free next_long_name and
    next_long_link before returning.
  - CVE-2021-20193
** Also affects: tar (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: tar (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: tar (Ubuntu Trusty)
Status: New => Fix Released
** Changed in: tar (Ubuntu Xenial)
Status: New => Fix Released
https://bugs.launchpad.net/bugs/1912091
Title:
Memory Leak GNU Tar 1.33