Published at LXer:
A vulnerability has been identified in GNU Tar, which could be exploited by malicious people to conduct directory traversal attacks. This flaw is due to errors in the "extract_archive()" and "extract_mangle()" functions when processing a "GNUTYPE_NAMES" record with a symbolic link, which could be exploited by attackers to overwrite arbitrary files by tricking a user into extracting a specially crafted archive.
Read More...