tar-1.29-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10382-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z tar-1.29-2.1 on GA media These are all security issues fixed in the tar-1.29-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10382 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2010-0624/ SUSE CVE CVE-2010-0624 page https://www.suse.com/security/cve/CVE-2016-6321/ SUSE CVE CVE-2016-6321 page openSUSE Tumbleweed tar-1.29-2.1 tar-backup-scripts-1.29-2.1 tar-lang-1.29-2.1 tar-tests-1.29-2.1 tar-1.29-2.1 as a component of openSUSE Tumbleweed tar-backup-scripts-1.29-2.1 as a component of openSUSE Tumbleweed tar-lang-1.29-2.1 as a component of openSUSE Tumbleweed tar-tests-1.29-2.1 as a component of openSUSE Tumbleweed Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. CVE-2010-0624 openSUSE Tumbleweed:tar-1.29-2.1 openSUSE Tumbleweed:tar-backup-scripts-1.29-2.1 openSUSE Tumbleweed:tar-lang-1.29-2.1 openSUSE Tumbleweed:tar-tests-1.29-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-0624.html CVE-2010-0624 https://bugzilla.suse.com/579475 SUSE Bug 579475 https://bugzilla.suse.com/608034 SUSE Bug 608034 Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. CVE-2016-6321 openSUSE Tumbleweed:tar-1.29-2.1 openSUSE Tumbleweed:tar-backup-scripts-1.29-2.1 openSUSE Tumbleweed:tar-lang-1.29-2.1 openSUSE Tumbleweed:tar-tests-1.29-2.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6321.html CVE-2016-6321 https://bugzilla.suse.com/1007188 SUSE Bug 1007188 https://bugzilla.suse.com/1123796 SUSE Bug 1123796