Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 7398-1: libtar Security Advisory Updates

ubuntu
Calendar Grey March 31, 2025
Dist Ubuntu Esm H88
Multiple security issues in libtar can lead to denial of service and out-of-bounds read vulnerabilities. Updates available.
Several security issues were fixed in libtar.

Summary

Several security issues were fixed in libtar.

Software Description:

- libtar: C library for manipulating tar archives (development files)

Details:

It was discovered that libtar may perform out-of-bounds reads when

processing specially crafted tar files. An attacker could possibly use

this issue to cause libtar to crash, resulting in a denial of service,

or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644)

It was discovered that libtar contained a memory leak due to failing

to free a variable, causing performance degradation. An attacker

could possibly use this issue to cause libtar to crash, resulting in a

denial of service. (CVE-2021-33645, CVE-2021-33646)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libtar-dev                      1.2.20-8.1ubuntu0.24.10.1
   libtar0t64                      1.2.20-8.1ubuntu0.24.10.1

Ubuntu 24.04 LTS
   libtar-dev                      1.2.20-8.1ubuntu0.24.04.1
   libtar0t64                      1.2.20-8.1ubuntu0.24.04.1

Ubuntu 22.04 LTS
   libtar-dev                      1.2.20-8ubuntu0.22.04.1
   libtar0                         1.2.20-8ubuntu0.22.04.1

Ubuntu 20.04 LTS
   libtar-dev                      1.2.20-8ubuntu0.20.04.1
   libtar0                         1.2.20-8ubuntu0.20.04.1

Ubuntu 18.04 LTS
   libtar-dev                      1.2.20-7ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libtar0                         1.2.20-7ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libtar-dev                      1.2.20-4ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libtar0                         1.2.20-4ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7398-1

  CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7398-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here