[3.8] tar: Infinite read loop in sparse_dump_region function in sparse.c (CVE-2018-20482)
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage
during read access, which allows local users to cause
a denial of service (infinite read loop in sparse_dump_region in
sparse.c) by modifying a file that is supposed to be archived by
a different user’s process (e.g., a system backup running as root).
References:
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
https://nvd.nist.gov/vuln/detail/CVE-2018-20482
Patch:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
(from redmine: issue id 9848, created on 2019-01-10, closed on 2019-01-18)
- Relations:
- parent #9847 (closed)
- Changesets:
- Revision 0119db77 on 2019-01-17T15:19:23Z:
main/tar: security upgrade to 1.31
fixes #9848
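The failure mode described above comes down to a read loop that does not terminate when `read()` returns 0 before the expected region length has been consumed. The following is an added example, not GNU tar's code or the referenced patch: the names `dump_region` and `demo_shrunk_file` are hypothetical, and zero-padding the missing bytes is this example's choice for handling the shortfall.

```c
#define _POSIX_C_SOURCE 200809L   /* mkstemp, ftruncate */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not GNU tar code: copy a `want`-byte region starting at
   `start` into `out`. On early EOF (file shrank) zero-pad the remainder and
   report the shortfall in *missing instead of calling read() again. */
int dump_region(int fd, off_t start, size_t want, unsigned char *out, size_t *missing)
{
    size_t done = 0;
    *missing = 0;
    if (lseek(fd, start, SEEK_SET) == (off_t)-1)
        return -1;
    while (done < want) {
        ssize_t n = read(fd, out + done, want - done);
        if (n < 0 && errno == EINTR) continue;   /* interrupted, retry is safe */
        if (n < 0) return -1;                    /* real I/O error */
        if (n == 0) {                            /* EOF: no progress is possible */
            *missing = want - done;
            memset(out + done, 0, *missing);
            return 0;
        }
        done += (size_t)n;
    }
    return 0;
}

/* Constructed scenario: the size is recorded, then the file is truncated to
   `new_size` before the read. Returns the bytes found missing, or -1. */
long demo_shrunk_file(size_t recorded, off_t new_size)
{
    char path[] = "/tmp/shrinkXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    unsigned char *buf = malloc(recorded), *out = malloc(recorded);
    size_t missing = 0; long rc = -1;
    if (buf && out && memset(buf, 'A', recorded)
        && write(fd, buf, recorded) == (ssize_t)recorded
        && ftruncate(fd, new_size) == 0
        && dump_region(fd, 0, recorded, out, &missing) == 0)
        rc = (long)missing;
    free(buf); free(out); close(fd);
    return rc;
}
int main(void) { printf("missing: %ld\n", demo_shrunk_file(4096, 1000)); return 0; }
```

Without the `n == 0` branch, `done` never reaches `want` once the file is shorter than its recorded size, and the loop spins on `read()` indefinitely.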