[3.3] tar: extract pathname bypass (CVE-2016-6321)
GNU `tar` archiver attempts to avoid path traversal attacks
by removing offending parts of the element name at extract.
This sanitizing leads to a vulnerability where the attacker
can bypass the path name(s) specified on the command line.
tar 1.14 to 1.29 (inclusive)
(from redmine: issue id 6399, created on 2016-10-27, closed on 2017-09-05)
- parent #6396 (closed)
- Revision 869908ea by Sergei Lukin on 2016-12-13T10:04:07Z:
main/tar: security upgrade - fixes #6399 CVE-2016-6321
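
A pre-extraction check for untrusted archives, added here as an illustration and not taken from the issue, the tar sources or the Alpine fix: it lists members whose names are absolute or contain a `..` component, and marks those that a path given on the command line would select. The function names and the sample archive are constructed for this example.

```python
import io
import tarfile


def build_sample_archive(names):
    """Build an in-memory tar of empty files (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            tf.addfile(tarfile.TarInfo(name))
    return buf.getvalue()


def audit_members(tar_bytes, requested):
    """Return (name, reason, selected) for members unsafe to extract by name.

    `requested` is the member path an operator would pass on the tar
    command line; `selected` is True when the raw member name falls under it.
    """
    requested = requested.rstrip("/")
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        for member in tf.getmembers():
            name = member.name
            selected = name == requested or name.startswith(requested + "/")
            if name.startswith("/"):
                findings.append((name, "absolute path", selected))
            elif ".." in name.split("/"):
                # The name on disk after sanitizing can differ from the
                # name that was matched against the requested path.
                findings.append((name, "'..' component", selected))
    return findings


# Constructed sample names, not taken from any real archive.
SAMPLE = build_sample_archive([
    "docs/readme",
    "docs/readme/../../outside.txt",
    "docs/other.txt",
    "/abs.txt",
])

if __name__ == "__main__":
    for name, reason, selected in audit_members(SAMPLE, "docs/readme"):
        print(f"{name}: {reason} (selected by requested path: {selected})")
```

The check reads member headers only and extracts nothing, so it can run before any extraction from an archive of unknown origin.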