The GNU Tar program provides the ability to create tar archives, as well as various other kinds of manipulation.
A vulnerability have been discovered in GNU Tar. Please review the CVE identifier referenced below for details.
GNU Tar has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs via a V7 archive in which mtime has approximately 11 whitespace characters.
There is no known workaround at this time.
All GNU Tar users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/tar-1.34-r3"