Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.14215.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:14215-1)
Summary:The remote host is missing an update for the 'tar' package(s) announced via the SUSE-SU-2019:14215-1 advisory.
Description:Summary:
The remote host is missing an update for the 'tar' package(s) announced via the SUSE-SU-2019:14215-1 advisory.

Vulnerability Insight:
This update for tar to version 1.27.1 fixes the following issues:

tar 1.27.1 brings following changes (jsc#ECO-339)
Sparse files with large data

No backticks in quoting

--owner and --group names and numbers

Support for POSIX ACLs, extended attributes and SELinux context.

Passing command line arguments to external commands.

New configure option --enable-gcc-warnings, intended for debugging.

New warning control option --warning=[no-]record-size

New command line option --keep-directory-symlink

Fix unquoting of file names obtained via the -T option.

Fix GNU long link header timestamp (backward compatibility).

Security issues fixed:
CVE-2019-9923: Fixed a denial of service while parsing certain archives
with malformed extended headers in pax_decode_header() (bsc#1130496).

CVE-2018-20482: Fixed a denial of service when the '--sparse' option
mishandles file shrinkage during read access (bsc#1120610).

Affected Software/OS:
'tar' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9923
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://savannah.gnu.org/bugs/?55369
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
SuSE Security Announcement: openSUSE-SU-2019:1237 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.