{"schema_version":"1.7.2","id":"OESA-2023-1008","modified":"2023-01-06T11:04:45Z","published":"2023-01-06T11:04:45Z","upstream":["CVE-2021-33640"],"summary":"libtar security update","details":"Libtar is a C library for manipulating POSIX tar files. It handles adding and extracting files to/from a tar archive. Requires gcc, make, and zlib.\r\n\r\nSecurity Fix(es):\r\n\r\nAfter tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t-\u0026gt;th_buf) . As a result, the released memory is used (use-after-free).(CVE-2021-33640)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"libtar","purl":"pkg:rpm/openEuler/libtar\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.20-22.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["libtar-debuginfo-1.2.20-22.oe2203sp1.aarch64.rpm","libtar-debugsource-1.2.20-22.oe2203sp1.aarch64.rpm","libtar-help-1.2.20-22.oe2203sp1.aarch64.rpm","libtar-devel-1.2.20-22.oe2203sp1.aarch64.rpm","libtar-1.2.20-22.oe2203sp1.aarch64.rpm"],"src":["libtar-1.2.20-22.oe2203sp1.src.rpm"],"x86_64":["libtar-help-1.2.20-22.oe2203sp1.x86_64.rpm","libtar-devel-1.2.20-22.oe2203sp1.x86_64.rpm","libtar-1.2.20-22.oe2203sp1.x86_64.rpm","libtar-debugsource-1.2.20-22.oe2203sp1.x86_64.rpm","libtar-debuginfo-1.2.20-22.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1008"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33640"}],"database_specific":{"severity":"Medium"}}