ArchLinux: 201611-11: tar: arbitrary file overwrite
Summary
The GNU tar archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name(s) specified on the command line leading to arbitrary overwrite of files and directories inside the target directory.
Resolution
Upgrade to 1.29-2.
# pacman -Syu "tar>=1.29-2"
The problem has been fixed upstream but no release is available yet.
References
https://bugs.archlinux.org/task/51563 https://seclists.org/fulldisclosure/2016/Oct/96 http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea053 https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt https://access.redhat.com/security/cve/CVE-2016-6321
![Dist Arch](/images/distros/dist-arch.png)
Workaround
None.