CentOS Errata and Security Advisory CESA-2006:0749-01
The GNU tar program saves many files together in one archive and can restore individual files (or all of the files) from that archive.
Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar has write access. (CVE-2006-6097)
Users of tar should upgrade to this updated package, which contains a replacement backported patch to correct this issue.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-December/025469.html
Affected packages: tar
Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html