[ GLSA 202105-29 ] Tar

[GLSA]

Gentoo Linux Security Advisory

Title: Tar: Denial of service (GLSA 202105-29)
Severity: low
Exploitable: local, remote
Date: 2021-05-26
Bug(s): #778548
ID: 202105-29

Synopsis

A vulnerability in Tar could lead to a Denial of Service condition.

Background

The Tar program provides the ability to create and manipulate tar
archives.


Affected Packages

Package: app-arch/tar
Vulnerable: < 1.34
Unaffected: >= 1.34
Architectures: All supported architectures


Description

It was discovered that GNU Tar had a memory leak when processing archive
headers.


Impact

A remote attacker could entice a user to open a specially crafted
archive using Tar, possibly resulting in a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All Tar users should upgrade to the latest version: