Debian Security Advisory

DLA-1623-1 tar -- LTS security update

Date Reported:
31 Dec 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-20482.
More information:

It was discovered that there was a potential denial of service vulnerability in tar, the GNU version of the tar UNIX archiving utility.

The --sparse argument looped endlessly if the file shrank whilst it was being read. Tar would only break out of this endless loop if the file grew again to (or beyond) its original end of file.

For Debian 8 Jessie, this issue has been fixed in tar version 1.27.1-2+deb8u2.

We recommend that you upgrade your tar packages.