Lucene search
AmazonALAS-2024-2390HistoryJan 03, 2024 - 9:04 p.m.
Low: tar
2024-01-0321:04:00
alas.aws.amazon.com
6
tar
denial of service
extended attributes
pax archives
amazon linux 2
update
cve-2023-39804
red hat
mitre
Issue Overview:
It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could supply a specially crafted file and cause tar to crash, resulting in a denial of service. (CVE-2023-39804)
Affected Packages:
tar
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update tar to update your system.
New Packages:
aarch64:
tar-1.26-35.amzn2.0.3.aarch64
tar-debuginfo-1.26-35.amzn2.0.3.aarch64
i686:
tar-1.26-35.amzn2.0.3.i686
tar-debuginfo-1.26-35.amzn2.0.3.i686
src:
tar-1.26-35.amzn2.0.3.src
x86_64:
tar-1.26-35.amzn2.0.3.x86_64
tar-debuginfo-1.26-35.amzn2.0.3.x86_64
Additional References
Red Hat: CVE-2023-39804
Mitre: CVE-2023-39804
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | tar | < 1.26-35.amzn2.0.3 | tar-1.26-35.amzn2.0.3.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | tar-debuginfo | < 1.26-35.amzn2.0.3 | tar-debuginfo-1.26-35.amzn2.0.3.aarch64.rpm |
| Amazon Linux | 2 | i686 | tar | < 1.26-35.amzn2.0.3 | tar-1.26-35.amzn2.0.3.i686.rpm |
| Amazon Linux | 2 | i686 | tar-debuginfo | < 1.26-35.amzn2.0.3 | tar-debuginfo-1.26-35.amzn2.0.3.i686.rpm |
| Amazon Linux | 2 | x86_64 | tar | < 1.26-35.amzn2.0.3 | tar-1.26-35.amzn2.0.3.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | tar-debuginfo | < 1.26-35.amzn2.0.3 | tar-debuginfo-1.26-35.amzn2.0.3.x86_64.rpm |
Related
osv
osv
tar vulnerability
2023-12-11 00:26:33
tar - security update
2024-03-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1188)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1623)
2024-05-15 00:00:00
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1539)
2024-04-22 00:00:00
redos
redos
ROS-20240425-02
2024-04-25 00:00:00
nessus
nessus
EulerOS Virtualization 2.9.1 : tar (EulerOS-SA-2024-1464)
2024-03-21 00:00:00
EulerOS Virtualization 2.11.1 : tar (EulerOS-SA-2024-1623)
2024-05-15 00:00:00
debiancve
debiancve
CVE-2023-39804
2024-03-27 04:15:08
ubuntu
ubuntu
GNU Tar vulnerability
2023-12-11 00:00:00
cve
cve
CVE-2023-39804
2024-03-27 04:15:08
debian
debian
[SECURITY] [DLA 3755-1] tar security update
2024-03-09 21:22:24
cvelist
cvelist
CVE-2023-39804
2024-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2023-39804
2023-11-30 00:00:00
redhatcve
redhatcve
CVE-2023-39804
2023-12-11 19:27:11
nvd
nvd
CVE-2023-39804
2024-03-27 04:15:08
veracode
veracode
Denial Of Service (DOS)
2023-12-15 16:25:51
photon
photon
Low Photon OS Security Update - PHSA-2023-3.0-0703
2023-12-22 00:00:00
Low Photon OS Security Update - PHSA-2024-4.0-0540
2024-01-07 00:00:00
Low Photon OS Security Update - PHSA-2023-5.0-0178
2023-12-23 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00