MGASA-2022-0488 Updated libtar packages fix security vulnerability

After tarclose, libtar.c releases the memory pointed to by pointer t. After tarclose is called in the list function, it continues to use pointer t: freelonglinklongnamet-thbuf . As a result, the released memory is used use-after-free. CVE-2021-33640...

MGASA-2022-0335 Updated libtar packages fix security vulnerability

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable gnulonglink, causing an out-of-bounds read. CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger...