This bug was fixed in the package tar - 1.34+dfsg-1.2ubuntu2
---------------
tar (1.34+dfsg-1.2ubuntu2) noble; urgency=medium
* SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
- debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
on the heap rather than the stack in src/xheader.c
- CVE-2023-39804
-- Alex Murray <alex.mur...@canonical.com> Tue, 05 Dec 2023 15:39:15
+1030
** Changed in: tar (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/2029464
Title:
A stack overflow in GNU Tar
Status in tar package in Ubuntu:
Fix Released
Bug description:
A stack overflow vulnerability exists in GNU Tar up to including v1.34, as
far as I can see, Ubuntu is using v1.3.
The bug exists in the function xattr_decoder() in xheader.c, where alloca()
is used and it may overflow the stack if a sufficiently long xattr key is used.
The vulnerability can be triggered when extracting a tar/pax archive that
contains such a long xattr key.
Vulnerable code:
https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723
PoC tar archive is attached in a zip archive to reduce the size.
I reported the vulnerability yesterday to GNU Tar maintainers and they
replied that the issue was fixed in the version that was released two
weeks ago:
"Sergey fixed that bug here:
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
and the fix appears in tar 1.35, released July 18.
"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/2029464/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
