[SECURITY] [DLA 2830-1] tar security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2830-1] tar security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 28 Nov 2021 14:39:03 +0200
Message-id: <[🔎] 20211128123903.GA29708@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2830-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 28, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tar
Version        : 1.29b-1.1+deb9u1
CVE ID         : CVE-2018-20482
Debian Bug     : 917377

An infinite loop when --sparse is used with file shrinkage during read 
access was fixed in the GNU tar archiving utility.

For Debian 9 stretch, this problem has been fixed in version
1.29b-1.1+deb9u1.

We recommend that you upgrade your tar packages.

For the detailed security status of tar please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tar

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGjeGcACgkQiNJCh6LY
mLHSHg/5AXIjprt17Hm8R1Wf6x+jDa70VI2AJjz0lXqIYIPAnipPtpcshz9UJL3L
ut8/Jg/W9gcCUNzj9WcQcJ3n3sPGvgUZCfeAsCr/bA8ISaXHmxrNIpJoJ3wiitNn
zn3gaEWxLL4puONrZagUiYIKJz/938STCxnV/aqViIgDFwPKyrrYGkoW5+o6PZ41
2Cfk1y4uVwz0CP5rhEDDsq2W5RaR8kCCansIkdKpTDemHibPelpT172X3tynRA7E
sWHGNrrkCuWKI0kD9NQB43smWAioQHlLBIaMVDGo/WyeFq0on6Jx6p5FJF22yxNK
MInn/IC6tsFpaE+RQjfmUk81CZ8dB5diMjVFfkjt8cWqKchETIeW6oosjy1m4+WW
2uy+TzmfRtwYDfL6ceP0MOVCKCz8BDvftEjTcO3iTXhxxtPNMF4oeuM493TQ7PeQ
KUef9mYTNa6ICcSLcxNUUQFMb8OflDOXOiz0Ie6RampkxMofQ/FkYkzWbjPsAu4G
0nmaTgrBNuwfzguoIqCYHJIq49SMwOt/c5dOeAZp1xxa98SaJt2xJ3C7gKJn78AW
B7Eg1SnGZzovp2Eg5/ogoW4K9l4n+s+yzLZhdqkr4sPEKvFlkYuNGDqdDapQLMyT
BMbDysNKFdeo7fYdS6nB7tDq1zX/9PJrUh4cg5oveD2fPJAcv5c=
=YlwR
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2829-1] libvpx security update
Next by Date: [SECURITY] [DLA 2831-1] libntlm security update
Previous by thread: [SECURITY] [DLA 2829-1] libvpx security update
Next by thread: [SECURITY] [DLA 2831-1] libntlm security update
Index(es):
- Date
- Thread