This message was posted to full-disclosure http://lists.netsys.com/pipermail/full-disclosure/2004-October/027348.html after decoding it, it basically says there is a directory traversal hole in unarj. It is possible for an attacker to create a specially crafted arj archive, which when a user extracts with the x flag, it is possible for a file to be placed anywhere the user running arj has write permissions.
attachment 106504 [details] contains a demo exploit for this issue.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-007.html