Multiple vulnerabilities were found in pax-utils and fixed in latest release. References: http://seclists.org/oss-sec/2017/q1/255 http://seclists.org/oss-sec/2017/q1/256
Fedora has pax-utils-1.2.2 in updates-testing already...
Created pax-utils tracking bugs for this issue: Affects: epel-5 [bug 1420308] Affects: epel-6 [bug 1420309]
Another bunch of issues were reported to the oss-security. http://seclists.org/oss-sec/2017/q1/310 http://seclists.org/oss-sec/2017/q1/309 http://seclists.org/oss-sec/2017/q1/308