Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 37: 2023-123778d70d Critical: Tar Heap Overflow Fix

fedora
Calendar Grey March 23, 2023
Dist Fedora Esm H88
The latest Fedora 37 release addresses CVE-2022-48303 within the tar utility, providing an important patch for a significant heap overflow vulnerability, enhancing overall system security.
Fix for CVE-2022-48303

Summary

The GNU tar program saves many files together in one archive and can

restore individual files (or all of the files) from that archive. Tar

can also be used to add supplemental files to an archive and to update

or list files in the archive. Tar includes multivolume support,

automatic archive compression/decompression, the ability to perform

remote archives, and the ability to perform incremental and full

backups.

If you want to use tar for remote backups, you also need to install

the rmt package on the remote box.

Fix for CVE-2022-48303

* Wed Mar 1 2023 Lukas Javorsky - 2:1.34-6

- Resolve CVE-2022-48303

[ 1 ] Bug #2149724 - tar: a heap buffer overflow at from_header() in list.c via specially crafter checksum [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2149724

su -c 'dnf upgrade --advisory FEDORA-2023-123778d70d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 1.34
Release: 6.fc37
URL:
Summary: GNU file archiving program

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.