SECURITY: Fedora 36 Update: libtar-1.2.20-25.fc36
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-50e8a1b51d
2022-09-04 22:43:39.751430
--------------------------------------------------------------------------------
Name : libtar
Product : Fedora 36
Version : 1.2.20
Release : 25.fc36
URL : http://repo.or.cz/libtar.git
Summary : Tar file manipulation API
Description :
libtar is a C library for manipulating tar archives. It supports both
the strict POSIX tar format and many of the commonly-used GNU
extensions.
--------------------------------------------------------------------------------
Update Information:
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646) -
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 26 2022 Kamil Dudka - 1.2.20-25
- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
* Thu Jul 21 2022 Fedora Release Engineering - 1.2.20-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-50e8a1b51d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
A libtar security update has been released for Fedora 36.
