The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
Created libtar tracking bugs for this issue:
Affects: fedora-all [bug 2121296]
The security fixes in question seem to be available in this source RPM package: https://repo.openeuler.org/openEuler-22.03-LTS/update/source/Packages/libtar-1.2.20-21.oe2203.src.rpm
(In reply to Sandipan Roy from comment #0)
this returns 404 not found
do we have a reproducer for the issue?
In reply to comment #8:
> (In reply to Sandipan Roy from comment #0)
> > https://www.openeuler.org/en/security/safety-bulletin/detail.
> > html?id=openEuler-SA-2022-1807
> this returns 404 not found
> do we have a reproducer for the issue?
I'm also seeing 404 now, I don't have any reproducer or test cases.
I got the correct link,
(In reply to Sandipan Roy from comment #10)
> I got the correct link,
thanks, but it doesn't seem to add anything valuable ...
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2023:2898 https://access.redhat.com/errata/RHSA-2023:2898
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):