Debian 10165 Published by

Updated tar packages has been released for both Debian GNU/Linux 7 Extended LTS and Debian GNU/Linux 8 LTS:

DLA 1623-1: tar security update
ELA-69-1 tar security update



ELA-69-1 tar security update

Package: tar
Version: 1.26+dfsg-0.1+deb7u2
Related CVE: CVE-2018-20482
A denial of service vulnerability was discovered in tar, the GNU version of the tar UNIX archiving utility.

The –sparse argument looped endlessly if the file shrank whilst it was being read. Tar would only break out of this endless loop if the file grew again to (or beyond) its original end of file.

For Debian 7 Wheezy, these problems have been fixed in version 1.26+dfsg-0.1+deb7u2.

We recommend that you upgrade your tar packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1623-1: tar security update




Package : tar
Version : 1.27.1-2+deb8u2
CVE ID : CVE-2018-20482
Debian Bug : #917377

It was discovered that there was a potential denial of service
vulnerability in tar, the GNU version of the tar UNIX archiving
utility.

The --sparse argument looped endlessly if the file shrank whilst
it was being read. Tar would only break out of this endless loop
if the file grew again to (or beyond) its original end of file.

For Debian 8 "Jessie", this issue has been fixed in tar version
1.27.1-2+deb8u2.

We recommend that you upgrade your tar packages.