[3.4] tar: extract pathname bypass (CVE-2016-6321)
GNU `tar’ archiver attempts to avoid path traversal attacks
by removing offending parts of the element name at extract.
This sanitizing leads to a vulnerability where the attacker
can bypass the path name(s) specified on the command line.
Affected versions:
tar 1.14 to 1.29 (inclusive)
References:
http://seclists.org/fulldisclosure/2016/Oct/96
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Patch:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.patch
(from redmine: issue id 6398, created on 2016-10-27, closed on 2017-09-05)
- Relations:
- parent #6396 (closed)
- Changesets:
- Revision 793c3acf on 2016-11-08T11:15:58Z:
main/tar: fix for CVE-2016-6321
Upstream patch without the changes to the NEWS file.
fixes #6398