Teemu Salmela has reported a security issue in GNU tar, which can be exploited by malicious people to overwrite arbitrary files. The security issue is caused due to the "extract_archive()" function in extract.c and the "extract_mangle()" function in mangle.c still processing the deprecated "GNUTYPE_NAMES" record type containing symbolic links. This can be exploited to overwrite arbitrary files by e.g. tricking a user into unpacking a specially crafted tar file. The security issue is reported in version 1.15.1 and 1.16. Other versions may also be affected. One solution is for GNUTYPE_NAMES processing to be disabled by default. Original Advisory: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html https://savannah.gnu.org/bugs/index.php?18355
*** This bug has been marked as a duplicate of 155901 ***