advisories/24117.adv

type: security
subject: GNU tar has been updated to fix CVE-2018-20482
CVE:
 - CVE-2018-20482
src:
  6:
   core:
     - tar-1.31-1.mga6
description: |
  GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
  during read access, which allows local users to cause a denial of
  service (infinite read loop in sparse_dump_region in sparse.c) by
  modifying a file that is supposed to be archived by a different user's
  process (e.g., a system backup running as root).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24117
 - https://lists.gnu.org/archive/html/bug-tar/2019-01/msg00000.html
ID: MGASA-2019-0034
1	type: security
2	subject: GNU tar has been updated to fix CVE-2018-20482
3	CVE:
4	- CVE-2018-20482
5	src:
6	6:
7	core:
8	- tar-1.31-1.mga6
9	description: \|
10	GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
11	during read access, which allows local users to cause a denial of
12	service (infinite read loop in sparse_dump_region in sparse.c) by
13	modifying a file that is supposed to be archived by a different user's
14	process (e.g., a system backup running as root).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=24117
17	- https://lists.gnu.org/archive/html/bug-tar/2019-01/msg00000.html
18	ID: MGASA-2019-0034