It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
libtar-1.2.20-25.fc35
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc36
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
libtar-1.2.20-25.fc37
fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
