tar

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Utility used to store, backup, and transport files
Version 1.34-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1462 1.33-1 1.34-1 Low Fixed
AVG-841 1.30-2 1.31-1 Low Fixed
AVG-64 1.29-1 1.29-2 Medium Fixed FS#51563
Issue Group Severity Remote Type Description
CVE-2021-20193 AVG-1462 Low No Denial of service
An issue was discovered in GNU Tar before version 1.34. There is a memory leak in read_header() in list.c in the tar application.
CVE-2018-20482 AVG-841 Low No Denial of service
A denial of service issue has been found in GNU Tar versions up to and including 1.30. When creating archives with the --sparse option, tar would loop...
CVE-2016-6321 AVG-64 Medium Yes Arbitrary file overwrite
The GNU tar archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a...

Advisories

Date Advisory Group Severity Type
27 Feb 2021 ASA-202102-41 AVG-1462 Low denial of service
08 Jan 2019 ASA-201901-1 AVG-841 Low denial of service
03 Nov 2016 ASA-201611-11 AVG-64 Medium arbitrary file overwrite