what you don't know can hurt you

Ubuntu Security Notice USN-4692-1

Ubuntu Security Notice USN-4692-1
Posted Jan 13, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4692-1 - Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Daniel Axtens discovered that tar incorrectly handled certain malformed tar files. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20482, CVE-2019-9923
MD5 | 344cbf5822690466c47037ca26772ba8

Ubuntu Security Notice USN-4692-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-4692-1
January 13, 2021

tar vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in tar.

Software Description:
- tar: GNU version of the tar archiving utility

Details:

Chris Siebenmann discovered that tar incorrectly handled extracting files
resized during extraction when invoked with the --sparse flag. An attacker
could possibly use this issue to cause a denial of service. This issue
only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2018-20482)

Daniel Axtens discovered that tar incorrectly handled certain malformed
tar files. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could use this issue to
cause tar to crash, resulting in a denial of service. (CVE-2019-9923)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
tar 1.30+dfsg-7ubuntu0.20.10.1

Ubuntu 20.04 LTS:
tar 1.30+dfsg-7ubuntu0.20.04.1

Ubuntu 18.04 LTS:
tar 1.29b-2ubuntu0.2

Ubuntu 16.04 LTS:
tar 1.28-2.1ubuntu0.2

Ubuntu 14.04 ESM:
tar 1.27.1-1ubuntu0.1+esm1

Ubuntu 12.04 ESM:
tar 1.26-4ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4692-1
CVE-2018-20482, CVE-2019-9923

Package Information:
https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/tar/1.29b-2ubuntu0.2
https://launchpad.net/ubuntu/+source/tar/1.28-2.1ubuntu0.2
Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close