View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2006-6097 severity low: SUSE including 19 source package names (tar, tar-1.20-23.23.1, …), 45 product×package rows across 20 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7, … (20 product lines)): Known Not Affected 28, Fixed 17.
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.