[SECURITY] [DLA 4033-1] libtar security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4033-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 28, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libtar
Version : 1.2.20-8+deb12u1~deb11u1
CVE ID : CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646

Multiple vulnerabilities have been fixed in libtar,
a library for manipulating tar archives.

CVE-2021-33643

    out-of-bounds read in gnu_longlink()

CVE-2021-33644

    out-of-bounds read in gnu_longname()

CVE-2021-33645

    memory leak in th_read()

CVE-2021-33646

    memory leak in th_read()

For Debian 11 bullseye, these problems have been fixed in version
1.2.20-8+deb12u1~deb11u1.

We recommend that you upgrade your libtar packages.

For the detailed security status of libtar please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libtar

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS