I read this document but had a little trouble understanding it at first: "Vulnerability: POINTYFEATHER aka Tar extract pathname bypass": Tar will happily extract files & directories into an arbitrary location when supplied with a suitably crafted archive file. If a target system is extracting an attacker supplied file, the vulnerability can be exploited to gain file overwrite capability. So, some notes: tar has a long history of security issues. For example, tar files can contain paths like /...
