ELA-1296-1 libtar security update

multiple vulnerabilities

2025-01-20
Package: libtar
Version: 1.2.20-7+deb10u1 (buster)
Related CVEs: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646


Multiple vulnerabilities have been fixed in libtar, a library for manipulating tar archives.

CVE-2021-33643

out-of-bounds read in gnu_longlink()

CVE-2021-33644

out-of-bounds read in gnu_longname()

CVE-2021-33645

memory leak in th_read()

CVE-2021-33646

memory leak in th_read()

For Debian 10 buster, these problems have been fixed in version 1.2.20-7+deb10u1.

We recommend that you upgrade your libtar packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.