[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) – patch update

Posted by Harry Sintonen on Oct 30

Update on the advisory: As pointed out by several people, the ERROR
macro did’t fail the operation in a desired way: Files were still
being created by tar. In order to really stop tar from doing silly
things, FATAL_ERROR macro needs to be used instead.

The patch has now been updated accordingly.

Updated Advisory:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt

Updated Patch:…

Leave a Reply