GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/38628/info

"GNU Tar and GNU Cpio are prone to a remote buffer-overflow
vulnerability because the applications fail to perform adequate boundary
checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the
privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.

This issue affects the following:

GNU Tar versions prior to 1.23
GNU Cpio versions prior to 2.11"

It is recommended that tar and cpio be updated to the latest available
packages. For RHEL systems, this was fixed in:

tar-1.15.1-23.0.1.el5_4.2
cpio-2.6-23.el5_4.1

Thanks,
Brian
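
Added example (not part of the original message, and not vendor tooling): the RHEL 5 fixes above are backported onto tar 1.15.1 and cpio 2.6, so a check against the upstream "prior to 1.23 / 2.11" wording flags patched hosts, while comparing the package release does not. The sample package strings are constructed, the function names are hypothetical, and the version comparison follows RPM's segment ordering without tilde/caret handling.

```python
import re

# Fixed RHEL 5 builds from the message above: name -> (version, release)
FIXED = {"tar": ("1.15.1", "23.0.1.el5_4.2"), "cpio": ("2.6", "23.el5_4.1")}
# Upstream versions the quoted advisory names as the first unaffected ones
UPSTREAM = {"tar": "1.23", "cpio": "2.11"}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, following
    RPM's ordering (tilde/caret handling omitted). Returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def split_nvr(nvr):
    """Split 'name-version-release' as printed by `rpm -q` without the arch."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def status(nvr):
    """Classify a RHEL 5 package string against the fixed builds in FIXED."""
    name, version, release = split_nvr(nvr)
    if name not in FIXED or ".el5" not in release:
        return "not-covered"                   # other package or other distro branch
    fixed_version, fixed_release = FIXED[name]
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if c >= 0 else "needs-update"

def naive_flags(nvr):
    """True if a check using only the upstream version would flag the package."""
    name, version, _ = split_nvr(nvr)
    return name in UPSTREAM and rpmvercmp(version, UPSTREAM[name]) < 0

# Constructed sample of `rpm -q tar cpio` style output (not from a real host)
SAMPLE = ["tar-1.15.1-23.0.1.el5", "tar-1.15.1-23.0.1.el5_4.2",
          "cpio-2.6-23.el5", "cpio-2.6-23.el5_4.1"]

if __name__ == "__main__":
    for nvr in SAMPLE:
        print(f"{nvr:28} {status(nvr):13} upstream-only check flags: {naive_flags(nvr)}")
```

On a real host the input would come from `rpm -q tar cpio`; every sample line is flagged by the upstream-only check, including the two patched builds.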