From b7b97785ebbb2f11d24d14dab8b81ed274f4ce6a Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 19 Mar 2019 11:37:34 +0000 Subject: gentoo resync : 19.03.2019 --- metadata/glsa/glsa-201903-05.xml | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 metadata/glsa/glsa-201903-05.xml (limited to 'metadata/glsa/glsa-201903-05.xml') diff --git a/metadata/glsa/glsa-201903-05.xml b/metadata/glsa/glsa-201903-05.xml new file mode 100644 index 000000000000..106046f3f707 --- /dev/null +++ b/metadata/glsa/glsa-201903-05.xml @@ -0,0 +1,50 @@ + + + + Tar: Denial of Service + A vulnerability in Tar could led to a Denial of Service condition. + tar + 2019-03-10 + 2019-03-10 + 674210 + local + + + 1.30-r1 + 1.30-r1 + + + +

The Tar program provides the ability to create and manipulate tar + archives. +

+ + +

The sparse_dump_region function in sparse.c file in Tar allows an + infinite loop using the --sparse option. +

+ + +

A local attacker could cause a Denial of Service condition by modifying + a file that is supposed to be archived by a different user’s process + (e.g., a system backup running as root). +

+ + +

There is no known workaround at this time.

+ + +

All Tar users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-arch/tar-1.30-r1" + + + + + CVE-2018-20482 + + Zlogene + Zlogene + -- cgit v1.2.3