Package "tar"

Name: tar


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • optional scripts for GNU version of the tar archiving utility

Latest version: 1.34+dfsg-1.2ubuntu0.2
Release: lunar (23.04)
Level: security
Repository: universe


Other versions of "tar" in Lunar

Repository Area Version
base main 1.34+dfsg-1.2
base universe 1.34+dfsg-1.2
security main 1.34+dfsg-1.2ubuntu0.2
updates universe 1.34+dfsg-1.2ubuntu0.2
updates main 1.34+dfsg-1.2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Version: 1.34+dfsg-1.2ubuntu0.2 2023-12-11 01:11:02 UTC

  tar (1.34+dfsg-1.2ubuntu0.2) lunar-security; urgency=medium

  * SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
    - debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
      on the heap rather than the stack in src/xheader.c
    - CVE-2023-39804

 -- Alex Murray <email address hidden> Tue, 05 Dec 2023 15:45:21 +1030

Source diff to previous version
2029464 A stack overflow in GNU Tar

Version: 1.34+dfsg-1.2ubuntu0.1 2023-05-22 13:07:09 UTC

  tar (1.34+dfsg-1.2ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: one-byte out of bounds
    - debian/patches/CVE-2022-48303.patch: check limit in
    - CVE-2022-48303

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 May 2023 17:50:39 -0300

CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the

About   -   Send Feedback to @ubuntu_updates