GNU `tar" archiver attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path name specified on the command line. Affected versions tar 1.14 to 1.29