UbuntuUpdates.org

Package "libtar-dev"

Name: libtar-dev

Description:

C library for manipulating tar archives (development files)

Latest version: 1.2.20-8.1ubuntu0.24.04.1
Release: noble (24.04)
Level: security
Repository: universe
Head package: libtar
Homepage: http://repo.or.cz/w/libtar.git

Other versions of "libtar-dev" in Noble

Repository   Area       Version
base         universe   1.2.20-8.1build1
updates      universe   1.2.20-8.1ubuntu0.24.04.1

Changelog

Version: 1.2.20-8.1ubuntu0.24.04.1 2025-03-31 19:07:52 UTC

  libtar (1.2.20-8.1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read when header struct is 0
    - debian/patches/CVE-2021-33643_33644.patch: Ensure that sz is
    greater than 0.
    - CVE-2021-33643
    - CVE-2021-33644
  * SECURITY UPDATE: Memory leak from failing to free
    t->th_buf.gnu_longlink
    - debian/patches/CVE-2021-33645_33646.patch: fix memory leak
    - CVE-2021-33645
    - CVE-2021-33646

 -- John Breton <email address hidden> Fri, 28 Mar 2025 14:39:01 -0400

CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longl
CVE-2021-33644 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longn
CVE-2021-33645 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVE-2021-33646 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.


