Ubuntu Security Notice 3132-1 - Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.
82a69e51a38cce1aed5947f726654c16554c637877b98ca50d8794a1d1ad0663
Gentoo Linux Security Advisory 201611-19 - A path traversal attack in Tar may lead to the remote execution of arbitrary code. Versions less than 1.29-r1 are affected.
61af9c3e2fef42cd67d49fe15711105155cf77af77c4e6aaa875cbb347291165
The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29 are affected.
9872f2b8fb9c8365d6367de929e2a9d9f3744c7e6f836aad204d328392324992