CVE-2018-20482

Priority
Description
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
during read access, which allows local users to cause a denial of service
(infinite read loop in sparse_dump_region in sparse.c) by modifying a file
that is supposed to be archived by a different user's process (e.g., a
system backup running as root).
Notes
Package
Source: tar (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): not-affected (1.30+dfsg-5)
Ubuntu 19.10 (Eoan Ermine): not-affected (1.30+dfsg-6)
Ubuntu 20.04 (Focal Fossa): not-affected (1.30+dfsg-6)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
More Information

Updated: 2019-12-05 19:55:46 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)