Teemu Salmela has reported a security issue in GNU tar, which can be exploited by malicious people to overwrite arbitrary files.
The security issue is caused due to the "extract_archive()" function in extract.c and the "extract_mangle()" function in mangle.c still processing the deprecated "GNUTYPE_NAMES" record type containing symbolic links. This can be exploited to overwrite arbitrary files by e.g. tricking a user into unpacking a specially crafted tar file.
The security issue is reported in version 1.15.1 and 1.16. Other versions may also be affected.
One solution is for GNUTYPE_NAMES processing to be disabled by default.
*** This bug has been marked as a duplicate of 155901 ***