RLSA-2023:2898

Synopsis

Moderate: libtar security update

Description

The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.

Security Fix(es):

* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)

* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)

* libtar: memory leak found in th_read() function (CVE-2021-33645)

* libtar: memory leak found in th_read() function (CVE-2021-33646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2121289 2121292 2121295 2121297

CVEs

CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646

Affected packages

Rocky Linux 8 aarch64 - AppStream

libtar-0:1.2.20-17.el8.aarch64.rpm libtar-0:1.2.20-17.el8.src.rpm libtar-debuginfo-0:1.2.20-17.el8.aarch64.rpm libtar-debugsource-0:1.2.20-17.el8.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

libtar-0:1.2.20-17.el8.i686.rpm libtar-0:1.2.20-17.el8.src.rpm libtar-0:1.2.20-17.el8.x86_64.rpm libtar-debuginfo-0:1.2.20-17.el8.i686.rpm libtar-debuginfo-0:1.2.20-17.el8.x86_64.rpm libtar-debugsource-0:1.2.20-17.el8.i686.rpm libtar-debugsource-0:1.2.20-17.el8.x86_64.rpm