OESA-2023-2002

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-2002

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-2002.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2023-2002

Upstream

CVE-2023-39804

Published

2023-12-29T11:06:39Z

Modified

2025-09-03T06:19:23.890969Z

Summary

tar security update

Details

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored.

Security Fix(es):

A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.(CVE-2023-39804)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / tar

Package

Name: tar
Purl: pkg:rpm/openEuler/tar&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.32-4.oe1

Ecosystem specific

{
    "src": [
        "tar-1.32-4.oe1.src.rpm"
    ],
    "x86_64": [
        "tar-1.32-4.oe1.x86_64.rpm",
        "tar-debugsource-1.32-4.oe1.x86_64.rpm",
        "tar-debuginfo-1.32-4.oe1.x86_64.rpm"
    ],
    "noarch": [
        "tar-help-1.32-4.oe1.noarch.rpm"
    ],
    "aarch64": [
        "tar-debuginfo-1.32-4.oe1.aarch64.rpm",
        "tar-1.32-4.oe1.aarch64.rpm",
        "tar-debugsource-1.32-4.oe1.aarch64.rpm"
    ]
}