CVE-2006-6097

Priority
Description
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted
attackers to overwrite arbitrary files via a tar file that contains a
GNUTYPE_NAMES record with a symbolic link, which is not properly handled by
the extract_archive function in extract.c and extract_mangle function in
mangle.c, a variant of CVE-2002-1216.
Package
Source: tar (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:40:35 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)