Slackware-current ChangeLog (2023-03-24)

Fri Mar 24 19:42:46 UTC 2023

  • a/tar-1.34-i586-3.txz
    GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
    of uninitialized memory for a conditional jump. Exploitation to change the
    flow of control has not been demonstrated. The issue occurs in from_header
    in list.c via a V7 archive in which mtime has approximately 11 whitespace
    characters.
    Thanks to marav for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-48303
    (* Security fix *)
  • news/2023/03/24/slackware-current-changelog.txt
  • Last modified: 12 months ago
  • by Giuseppe Di Terlizzi