<= Back

AOSA-2016-0020: Update Tar to 1.29-1

Please update your tar package to version 1.29-1.

A vulnerability in GNU Tar was recently discovered, now commonly known as the "Pointy Feather" or "POINTYFEATHER" vulnerability.

"GNU `tar' archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line."

And a CVE was assigned to this vulnerability:

CVE-2016-6321 (Reserved but not issued).

Relevant documentation: