Download
| Alert*
oval:org.secpod.oval:def:602659
tar is installed oval:org.secpod.oval:def:605045 tar is installed oval:org.secpod.oval:def:201918 The GNU tar program saves many files together in one archive and can restore individual files from that archive. A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to ... oval:org.secpod.oval:def:201909 The GNU tar program saves many files together in one archive and can restore individual files from that archive. A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to ... oval:org.secpod.oval:def:500369 The GNU tar program saves many files together in one archive and can restore individual files from that archive. A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to ... oval:org.secpod.oval:def:1800728 tar is installed oval:org.secpod.oval:def:79884 tar: GNU version of the tar archiving utility tar could be made to crash if it received specially crafted file. oval:org.secpod.oval:def:1801285 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:1801286 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:1801289 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:203148 tar is installed oval:org.secpod.oval:def:70340 tar: GNU version of the tar archiving utility Several security issues were fixed in tar. oval:org.secpod.oval:def:70151 tar: GNU version of the tar archiving utility Several security issues were fixed in tar. oval:org.secpod.oval:def:89003270 This update for tar to version 1.27.1 fixes the following issues: tar 1.27.1 brings following changes * Sparse files with large data * No backticks in quoting * --owner and --group names and numbers * Support for POSIX ACLs, extended attributes and SELinux context. * Passing command line arguments ... oval:org.secpod.oval:def:1800815 GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions: tar 1.14 to 1.29 oval:org.secpod.oval:def:89045166 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321] oval:org.secpod.oval:def:1800727 GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions tar 1.14 to 1.29 oval:org.secpod.oval:def:89045178 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration iss ... oval:org.secpod.oval:def:3300309 SUSE Security Update: Security update for tar oval:org.secpod.oval:def:507556 The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fix: * tar: heap buffer overflow at from_header in list.c via specially crafted checksum For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... oval:org.secpod.oval:def:507538 The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fix: * tar: heap buffer overflow at from_header in list.c via specially crafted checksum For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... oval:org.secpod.oval:def:1506452 [2:1.34-6] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303 oval:org.secpod.oval:def:1506436 [1.30-6.1] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303 oval:org.secpod.oval:def:19500069 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace c ... oval:org.secpod.oval:def:89476 tar: GNU version of the tar archiving utility tar could be made to crash or expose sensitive information if it received a specially crafted file. oval:org.secpod.oval:def:1701224 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace c ... oval:org.secpod.oval:def:2500939 The GNU tar program can save multiple files in an archive and restore files from an archive. oval:org.secpod.oval:def:4501176 The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fix: * tar: heap buffer overflow at from_header in list.c via specially crafted checksum For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... oval:org.secpod.oval:def:89048628 This update for tar fixes the following issues: * CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump . Bug fixes: * Fix hang when unpacking test tarball . oval:org.secpod.oval:def:602656 Harry Sintonen discovered that GNU tar does not properly handle member names containing "..", thus allowing an attacker to bypass the path names specified on the command line and replace files and directories in the target directory. oval:org.secpod.oval:def:703359 tar: GNU version of the tar archiving utility tar could be made to overwrite files. oval:org.secpod.oval:def:51671 tar: GNU version of the tar archiving utility tar could be made to overwrite files. oval:org.secpod.oval:def:50591 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system ba ... oval:org.secpod.oval:def:89047405 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header in list.c . - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c . - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c . - Update to GNU tar 1.3 ... oval:org.secpod.oval:def:1900035 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:2001000 GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process . oval:org.secpod.oval:def:708653 tar: GNU version of the tar archiving utility tar could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:96786 tar: GNU version of the tar archiving utility tar could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:89051357 This update for tar fixes the following issues: * CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling . oval:org.secpod.oval:def:89051344 This update for tar fixes the following issues: * CVE-2023-39804: Incorrectly handled extension attributes in PAX archives can lead to a crash oval:org.secpod.oval:def:97715 [CLSA-2023:1677791921] tar: Fix of CVE-2022-48303 oval:org.secpod.oval:def:1702004 It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service oval:org.secpod.oval:def:19500568 It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service |