Packages
- tar - GNU tar archive utility
Details
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.
Original advisory details:
It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.
Original advisory details:
It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | tar – 1.35+dfsg-4ubuntu0.3 | ||
| 24.04 LTS noble | tar – 1.35+dfsg-3ubuntu0.3 | ||
| 22.04 LTS jammy | tar – 1.34+dfsg-1ubuntu0.1.22.04.5 | ||
| 20.04 LTS focal | tar – 1.30+dfsg-7ubuntu0.20.04.4+esm2 | ||
| 18.04 LTS bionic | tar – 1.29b-2ubuntu0.4+esm3 | ||
| 16.04 LTS xenial | tar – 1.28-2.1ubuntu0.2+esm5 | ||
| 14.04 LTS trusty | tar – 1.27.1-1ubuntu0.1+esm6 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.