{"id":"MGASA-2016-0386","summary":"Updated tar packages fix security vulnerability","details":"Harry Sintonen discovered that GNU tar does not properly handle member\nnames containing '..', thus allowing an attacker to bypass the path names\nspecified on the command line and replace files and directories in the\ntarget directory (CVE-2016-6321).\n","modified":"2026-04-16T06:22:29.085409076Z","published":"2016-11-17T23:40:52Z","upstream":["CVE-2016-6321"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0386.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19696"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3702"}],"affected":[{"package":{"name":"tar","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/tar?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.28-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0386.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}