
Slackware: 2023-083-01 Moderate: Tar Out-Of-Bounds Control Flow

March 24, 2023
Recent updates for Slackware include tar packages aimed at addressing a significant security vulnerability that impacts various Linux distributions.
New tar packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/tar-1.34-i586-2_slack15.0.txz: Rebuilt. GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-48303 (* Security fix *)
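The failure mode in the ChangeLog entry, a numeric header field made up entirely of whitespace, is the case a field parser has to bound explicitly. The following is an added example, not GNU tar's from_header and not code from the advisory: a bounded parser for the 12-byte mtime field of a 512-byte tar header. The function names, status codes and sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MTIME_OFF 136  /* mtime offset in a 512-byte tar header block */
#define MTIME_LEN 12   /* mtime field width */

enum field_status { FIELD_OK = 0, FIELD_BLANK = -1, FIELD_INVALID = -2 };

/* Parse a plain octal field (len <= 21 so the value fits in 64 bits).
   GNU base-256 encoding is not handled and is reported as FIELD_INVALID. */
static enum field_status parse_octal_field(const unsigned char *field,
                                           size_t len, uint64_t *out)
{
    const unsigned char *p = field, *lim = field + len;
    uint64_t v = 0;

    /* Skip leading blanks; the bound is tested before every dereference. */
    while (p < lim && (*p == ' ' || *p == '\t'))
        p++;
    /* An all-blank field ends here: p == lim, so *p must not be read. */
    if (p == lim || *p == '\0')
        return FIELD_BLANK;
    for (; p < lim && *p >= '0' && *p <= '7'; p++)
        v = (v << 3) | (uint64_t)(*p - '0');
    /* Only space or NUL padding may follow the digits. */
    for (; p < lim; p++)
        if (*p != ' ' && *p != '\0')
            return FIELD_INVALID;
    *out = v;
    return FIELD_OK;
}

static enum field_status header_mtime(const unsigned char hdr[512], uint64_t *out)
{
    return parse_octal_field(hdr + MTIME_OFF, MTIME_LEN, out);
}

int main(void)
{
    unsigned char hdr[512] = {0};  /* constructed sample header */
    uint64_t t = 0;

    memset(hdr + MTIME_OFF, ' ', MTIME_LEN);            /* blank mtime field */
    printf("blank mtime -> %d\n", header_mtime(hdr, &t));
    memcpy(hdr + MTIME_OFF, "00000000017", MTIME_LEN);  /* 11 digits + NUL */
    enum field_status s = header_mtime(hdr, &t);
    printf("octal mtime -> %d, value %llu\n", s, (unsigned long long)t);
    return 0;
}
```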

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tar-1.26-i486-2_slack14.0.tgz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tar-1.26-x86_64-2_slack14.0.tgz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tar-1.26-i486-2_slack14.1.tgz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tar-1.26-x86_64-2_slack14.1.tgz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tar-1.29-i586-2_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ft...


MD5 Signatures


Severity
important


Installation Instructions

Upgrade the package as root:

# upgradepkg tar-1.34-i586-2_slack15.0.txz
