CVE-2016-6321

Source
Severity: Medium
Remote: Yes
Type: Arbitrary file overwrite
Description
The GNU tar archiver attempts to avoid path traversal attacks by removing offending parts of the element name during extraction. This sanitizing leads to a vulnerability in which an attacker can bypass the path name(s) specified on the command line, leading to arbitrary overwrite of files and directories inside the target directory.
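A pre-extraction audit for the condition described above, as an added example that is not part of the tracker entry or of GNU tar. It assumes a simplified model in which sanitizing drops everything up to and including the last `..` component and in which command-line names match members by path prefix; the archive and its member names are constructed.

```python
import io
import tarfile

def sanitized_name(name):
    """Model of the sanitizing: drop everything up to and including the
    last '..' component, then any leading slashes (assumed behaviour)."""
    parts = name.split("/")
    if ".." in parts:
        last = len(parts) - 1 - parts[::-1].index("..")
        parts = parts[last + 1:]
    return "/".join(parts).lstrip("/")

def within(path, root):
    """True if path is root itself or lies below it (prefix match)."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def audit(archive, requested):
    """Return (stored name, sanitized name) for members that match the
    requested path as stored but land outside it once sanitized."""
    flagged = []
    with tarfile.open(fileobj=archive, mode="r:") as tar:
        for member in tar:
            if ".." not in member.name.split("/"):
                continue
            landed = sanitized_name(member.name)
            if within(member.name, requested) and not within(landed, requested):
                flagged.append((member.name, landed))
    return flagged

def build_sample():
    """Constructed in-memory archive with empty members (test fixture)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/notes/todo.txt",
                     "docs/notes/../conf/app.cfg",
                     "other/file.txt"):
            tar.addfile(tarfile.TarInfo(name))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for stored, landed in audit(build_sample(), "docs/notes"):
        print(f"{stored!r} matches 'docs/notes' but would be written to {landed!r}")
```

Running the audit on an untrusted archive before a selective extraction shows which members would be written outside the path that was asked for.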
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-64 | tar | 1.29-1 | 1.29-2 | Medium | Fixed | FS#51563 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 03 Nov 2016 | ASA-201611-11 | AVG-64 | tar | Medium | arbitrary file overwrite |
References
https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
http://seclists.org/fulldisclosure/2016/Oct/96
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea053