Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link. For the stable distribution (sarge), this problem has been fixed in version 1.14-2.3. For the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2. We recommend that you upgrade your tar package.
Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.
For the stable distribution (sarge), this problem has been fixed in version 1.14-2.3.
For the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2.
We recommend that you upgrade your tar package.
MD5 checksums of the listed files are available in the original advisory.