It was reported  that bsdcpio tool from libarchive bundle is susceptible to a directory traversal vulnerability via absolute paths.
Proposed (minimal) fix (non-Windows):
Discussion is ongoing, no upstream fix is available yet.
Created libarchive tracking bugs for this issue:
Affects: fedora-all [bug 1192488]
Affects: epel-all [bug 1192489]
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.