Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0335)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0335

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0335)

Resumen: The remote host is missing an update for the 'libtar' package(s) announced via the MGASA-2022-0335 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libtar' package(s) announced via the MGASA-2022-0335 advisory.

Vulnerability Insight:
An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longlink, causing an out-of-bounds read. (CVE-2021-33643)

An attacker who submits a crafted tar file with size in header struct
being 0 may be able to trigger an calling of malloc(0) for a variable
gnu_longname, causing an out-of-bounds read. (CVE-2021-33644)

The th_read() function doesn't free a variable t->th_buf.gnu_longlink
after allocating memory, which may cause a memory leak. (CVE-2021-33645)

The th_read() function doesn't free a variable t->th_buf.gnu_longname
after allocating memory, which may cause a memory leak. (CVE-2021-33646)

Affected Software/OS:
'libtar' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-33643
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807
Common Vulnerability Exposure (CVE) ID: CVE-2021-33644
Common Vulnerability Exposure (CVE) ID: CVE-2021-33645
Common Vulnerability Exposure (CVE) ID: CVE-2021-33646

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0335
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0335)
Resumen:	The remote host is missing an update for the 'libtar' package(s) announced via the MGASA-2022-0335 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libtar' package(s) announced via the MGASA-2022-0335 advisory. Vulnerability Insight: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. (CVE-2021-33643) An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. (CVE-2021-33644) The th_read() function doesn't free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. (CVE-2021-33645) The th_read() function doesn't free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. (CVE-2021-33646) Affected Software/OS: 'libtar' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33643 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/ https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807 Common Vulnerability Exposure (CVE) ID: CVE-2021-33644 Common Vulnerability Exposure (CVE) ID: CVE-2021-33645 Common Vulnerability Exposure (CVE) ID: CVE-2021-33646
Copyright	Copyright (C) 2022 Greenbone AG