
tar security update

2007-08-23 16:49:59
CentOS Project
lists.centos.org

CVSS2: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.02 Low
Percentile: 88.9%

CentOS Errata and Security Advisory CESA-2007:0860

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

A path traversal flaw was discovered in the way GNU tar extracted archives.
A malicious user could create a tar archive that could write to arbitrary
files to which the user running GNU tar had write access. (CVE-2007-4131)

Red Hat would like to thank Dmitry V. Levin for reporting this issue.

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-August/076311.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076312.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076313.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076314.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076315.html
https://lists.centos.org/pipermail/centos-announce/2007-August/076316.html

Affected packages:
tar

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0860
