| Summary: | <app-arch/tar-1.32: null-pointer dereference in pax_decode_header in sparse.c | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | base-system |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1691764 | ||
| Whiteboard: | A3 [cve glsa] | ||
| Package list: |
app-arch/tar-1.32
|
Runtime testing required: | --- |
amd64 stable amd64 stable sparc stable hppa stable x86 stable ppc/ppc64 stable arm stable New GLSA Request filed. s390 stable ia64 stable arm64 stable alpha stable m68k stable sh stable The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f24827067ff6f59cd0290e37b36efed2f9c4c84 commit 0f24827067ff6f59cd0290e37b36efed2f9c4c84 Author: Mikle Kolyada <zlogene@gentoo.org> AuthorDate: 2019-04-08 06:57:38 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2019-04-08 06:57:38 +0000 app-arch/tar: Security cleanup Closes: https://bugs.gentoo.org/681728 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 app-arch/tar/Manifest | 1 - .../tar-1.31-remove-erroneous-abort-call.patch | 33 --------- app-arch/tar/tar-1.31-r1.ebuild | 81 ---------------------- 3 files changed, 115 deletions(-) |
From ${URL} : pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. Reference: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241 Upstream commit: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.