Opened 3 months ago
Closed 3 months ago
Last modified 2 months ago
New minor version.
This is to inform you that GNU tar version 1.34 is available for
download. This release includes the following bugfixes:
Fixed at revision 12134.
Retroactively promote due to CVE-2021-20193
Arch Linux Security Advisory ASA-202102-41
Date : 2021-02-27
CVE-ID : CVE-2021-20193
Package : tar
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-1462
The package tar before version 1.34-1 is vulnerable to denial of
Upgrade to 1.34-1.
# pacman -Syu "tar>=1.34-1"
The problem has been fixed upstream in version 1.34.
An issue was discovered in GNU Tar before version 1.34. There is a
memory leak in read_header() in list.c in the tar application.
A crafted tar archive can crash the application.
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2021 Gerard Beekmans.