GNU Tar is prone to a directory-traversal vulnerability. This issue occurs because the application fails to validate user-supplied data.Malicious tarballs possible. Hey ho. At least they've patched rsync.
A successful attack can allow the attacker to overwrite files on a computer in the context of the user running the affected application. Successful exploits may aid in further attacks.