ELA-69-1 tar security update

Denial of service vulnerability

Packagetar
Version1.26+dfsg-0.1+deb7u2
Related CVE CVE-2018-20482

A denial of service vulnerability was discovered in tar, the GNU version of the tar UNIX archiving utility.

The –sparse argument looped endlessly if the file shrank whilst it was being read. Tar would only break out of this endless loop if the file grew again to (or beyond) its original end of file.

For Debian 7 Wheezy, these problems have been fixed in version 1.26+dfsg-0.1+deb7u2.

We recommend that you upgrade your tar packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/