SUSE: 2019:14215-1 Moderate Update: Fix For Tar Denial Of Service Issue
suse
November 11, 2019
An update that solves two vulnerabilities and has one errata is now available
Summary
This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes (jsc#ECO-339) * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments to external commands. * New configure option --enable-gcc-warnings, intended for debugging. * New warning control option --warning=[no-]record-size * New command line option --keep-directory-symlink * Fix unquoting of file names obtained via the -T option. * Fix GNU long link header timestamp (backward compatibility). Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
Topics Covered
References
#1120610 #1130496 #1152736
Cross- CVE-2018-20482 CVE-2019-9923
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
https://www.suse.com/security/cve/CVE-2018-20482.html
https://www.suse.com/security/cve/CVE-2019-9923.html
https://bugzilla.suse.com/1120610
https://bugzilla.suse.com/1130496
https://bugzilla.suse.com/1152736
PREVIOUS 
NEXT Announcement ID: SUSE-SU-2019:14215-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!