A path traversal flaw was discovered in the way star extracted archives. A
malicious user could create a tar archive that would cause star to write to
arbitrary files to which the user running star had write access.
(CVE-2007-4134)
As well, this update adds the command line argument "-.." to the Red Hat
Enterprise Linux 3 version of star. This allows star to extract files
containing "/../" in their pathname.