Amazon Linux 1 Security Advisory: ALAS-2023-1704
Advisory Release Date: 2023-03-17 15:53 Pacific
Advisory Updated Date: 2023-03-22 18:51 Pacific
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. (CVE-2022-48303)
Affected Packages:
tar
Issue Correction:
Run yum update tar to update your system.
i686:
tar-1.26-31.23.amzn1.i686
tar-debuginfo-1.26-31.23.amzn1.i686
src:
tar-1.26-31.23.amzn1.src
x86_64:
tar-1.26-31.23.amzn1.x86_64
tar-debuginfo-1.26-31.23.amzn1.x86_64