Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0034
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0034)
Zusammenfassung:	The remote host is missing an update for the 'tar' package(s) announced via the MGASA-2019-0034 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'tar' package(s) announced via the MGASA-2019-0034 advisory. Vulnerability Insight: GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). Affected Software/OS: 'tar' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-20482 BugTraq ID: 106354 http://www.securityfocus.com/bid/106354 https://security.gentoo.org/glsa/201903-05 http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454 http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html https://news.ycombinator.com/item?id=18745431 https://twitter.com/thatcks/status/1076166645708668928 https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html https://lists.debian.org/debian-lts-announce/2021/11/msg00025.html SuSE Security Announcement: openSUSE-SU-2019:1237 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.