AOSA-2016-0020: Update Tar to 1.29-1
October 29, 2016
Please update your tar
package to version 1.29-1
.
A vulnerability in GNU Tar was recently discovered, now commonly known as the "Pointy Feather" or "POINTYFEATHER" vulnerability.
"GNU `tar' archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line."
And a CVE was assigned to this vulnerability:
CVE-2016-6321 (Reserved but not issued).
Relevant documentation: