Amazon Linux 2023 Security Advisory: ALAS-2023-153
Advisory Release Date: 2023-03-30 21:11 Pacific
Advisory Updated Date: 2023-04-04 21:33 Pacific
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. (CVE-2022-48303)
Affected Packages:
tar
Issue Correction:
Run dnf update tar --releasever=2023.0.20230329 to update your system.
aarch64:
tar-debuginfo-1.34-1.amzn2023.0.3.aarch64
tar-1.34-1.amzn2023.0.3.aarch64
tar-debugsource-1.34-1.amzn2023.0.3.aarch64
src:
tar-1.34-1.amzn2023.0.3.src
x86_64:
tar-debuginfo-1.34-1.amzn2023.0.3.x86_64
tar-1.34-1.amzn2023.0.3.x86_64
tar-debugsource-1.34-1.amzn2023.0.3.x86_64