Fedora 38 FEDORA-2023-f72d3caf36 Moderate: Tar Buffer Overflow Fix

The GNU tar program saves many files together in one archive and can

restore individual files (or all of the files) from that archive. Tar

can also be used to add supplemental files to an archive and to update

or list files in the archive. Tar includes multivolume support,

automatic archive compression/decompression, the ability to perform

remote archives, and the ability to perform incremental and full

backups.

If you want to use tar for remote backups, you also need to install

the rmt package on the remote box.

Fix for CVE-2022-48303

* Wed Mar 1 2023 Lukas Javorsky - 2:1.34-8

- Resolve CVE-2022-48303

[ 1 ] Bug #2149724 - tar: a heap buffer overflow at from_header() in list.c via specially crafter checksum [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2149724

su -c 'dnf upgrade --advisory FEDORA-2023-f72d3caf36' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: