ALAS-2023-1755


Amazon Linux 1 Security Advisory: ALAS-2023-1755
Advisory Release Date: 2023-05-25 17:41 Pacific
Advisory Updated Date: 2023-06-06 18:36 Pacific
Severity: Medium

Issue Overview:

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. (CVE-2019-9923)


Affected Packages:

tar


Issue Correction:
Run yum update tar to update your system.

New Packages:
i686:
    tar-1.26-31.24.amzn1.i686
    tar-debuginfo-1.26-31.24.amzn1.i686

src:
    tar-1.26-31.24.amzn1.src

x86_64:
    tar-debuginfo-1.26-31.24.amzn1.x86_64
    tar-1.26-31.24.amzn1.x86_64