Lucene search

K
debianDebianDEBIAN:DLA-1623-1:7ECB0
HistoryDec 31, 2018 - 9:51 a.m.

[SECURITY] [DLA 1623-1] tar security update

2018-12-3109:51:16
lists.debian.org
51

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0

Percentile

5.1%

Package : tar
Version : 1.27.1-2+deb8u2
CVE ID : CVE-2018-20482
Debian Bug : #917377

It was discovered that there was a potential denial of service
vulnerability in tar, the GNU version of the tar UNIX archiving
utility.

The --sparse argument looped endlessly if the file shrank whilst
it was being read. Tar would only break out of this endless loop
if the file grew again to (or beyond) its original end of file.

For Debian 8 "Jessie", this issue has been fixed in tar version
1.27.1-2+deb8u2.

We recommend that you upgrade your tar packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0

Percentile

5.1%