http://www.securitytracker.com/alert...b/1015655.html

Description: A vulnerability was reported in Tar on Red Hat Enterprise Linux. A remote user can cause files to be written to the target user's system.

The Red Hat backported security patch for an older vulnerability (CVE-2002-0399) did not properly correct the original vulnerability.

The original vulnerability was a path traversal flaw in the extraction of GNU tar archives. A remote user can create a specially crafted archive that, when extracted by the target user, will write arbitrary files with the privileges of the target user.

Impact: A remote user may be able to cause files to be written to the target user's system with the privileges of the target user.

Solution: Red Hat has issued the following fixes:

*Visit the link for updates, patches, and filenames.*