"GNU Tar and GNU Cpio are prone to a remote buffer-overflow
vulnerability because the applications fail to perform adequate boundary
checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.
This issue affects the following:
GNU Tar versions prior to 1.23
GNU Cpio versions prior to 2.11 "
It is recommended that tar and cpio be updated to the latest available
packages. For RHEL systems, this was fixed in: