[3.3] tar: extract pathname bypass (CVE-2016-6321)
GNU `tar’ archiver attempts to avoid path traversal attacks
by removing offending parts of the element name at extract.
This sanitizing leads to a vulnerability where the attacker
can bypass the path name(s) specified on the command line.
Affected versions:
tar 1.14 to 1.29 (inclusive)
References:
http://seclists.org/fulldisclosure/2016/Oct/96
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Patch:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.patch
(from redmine: issue id 6399, created on 2016-10-27, closed on 2017-09-05)
- Relations:
- parent #6396 (closed)
- Changesets:
- Revision 869908ea by Sergei Lukin on 2016-12-13T10:04:07Z:
main/tar: security upgrade - fixes #6399
CVE-2016-6321