RH has released updates for tar and unzip: Description: The unzip and tar utilities are used for manipulating archives, which are multiple files stored inside of a single file. A directory traversal vulnerability in unzip version 5.42 and earlier, as well as GNU tar 1.13.19 and earlier, allows attackers to overwrite arbitrary files during archive extraction via a ".." (dot dot) in an extracted filename. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1267 and CAN-2001-1268 to this issue. In addition, unzip version 5.42 and earlier also allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the "/" (slash) character. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1269 to this issue. During testing of the fix to GNU tar, it was discovered that GNU tar 1.13.25 was still vulnerable to a modified version of the same problem. Red Hat has provided a patch to tar 1.3.25 to correct this problem. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0399 to this issue. It doesn't seem much of a problem unless you are running as root and don't look check the contents first. I thought that I'd ask to see if there was anything in the pipeline though. /Michael -- This space intentionally left non-blank.