This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump.
Bug fixes:
- Fix hang when unpacking test tarball.
An integer overflow flaw was discovered in the CRL parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code. Details can be found in the upstream advisory at https://gnupg.org/blog/20221017-pepe-left-the-ksba.html
libksba: X.509 and CMS support library
Details: USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10.
Original advisory: Libksba could be made to crash or run programs if it decoded specially crafted data.
tar: GNU version of the tar archiving utility
Details: USN-5900-1 fixed vulnerabilities in tar. This update provides the corresponding fix for Ubuntu 23.04.
Original advisory: tar could be made to crash or expose sensitive information if it received a specially crafted file.