Perl Archive::Tar module is prone to a directory-traversal vulnerability because it fails to validate user-supplied data. A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks. Note that all applications using Perl Archive::Tar module may be affected.

Updates are available. Please see the references for more information.

• http://rt.cpan.org/Public/Bug/Display.html?id=30380
• http://search.cpan.org/~kane/Archive-Tar-1.36/lib/Archive/Tar.pm
• https://issues.rpath.com/browse/RPL-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
• https://www.securityfocus.com/bid/26355

---

Updated on 2015-03-25