MGASA-2023-0079
- Source
- https://advisories.mageia.org/MGASA-2023-0079.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0079.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2023-0079
- Related
- Published
- 2023-03-01T21:14:31Z
- Modified
- 2023-03-01T20:09:55Z
- Summary
- Updated tar packages fix security vulnerability
- Details
-
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. (CVE-2022-48303)
- References
-
- https://advisories.mageia.org/MGASA-2023-0079.html
- https://bugs.mageia.org/show_bug.cgi?id=31569
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013834.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EMCL5SDDZC2JTGVOT5D2T56IWCRICHJD/
- https://access.redhat.com/errata/RHSA-2023:0842
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / tar
Package
- Name
- tar
- Purl
- pkg:rpm/mageia/tar?distro=mageia-8