USN-6543-1: GNU Tar vulnerability

Operations Manager

2 more products

24663

07 August 2024

12 July 2024

CLOSED

MEDIUM

CVE-2023-39804

Severity

medium

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 18.04

Description

It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-6543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: tar-scripts - 1.28-2.1ubuntu0.2+esm3 tar - 1.28-2.1ubuntu0.2+esm3 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions

  • Platform Automation Toolkit
    • 4.4.32 or greater
    • 5.0.25 or greater
    • 5.1.2 or greater
  • Operations Manager
    • 2.10.67 or greater
  • Tanzu Greenplum for Kubernetes
    • 2.0 or greater
  • Xenial Stemcells
    • 621.782 or greater
  • CF Deployment
    • 30.0.0 or greater

 

References

https://ubuntu.com/security/notices/USN-6543-1

https://www.cloudfoundry.org/blog/usn-6543-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24663

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6543-1

History

2023-12-11: Initial vulnerability report published.