Drupal has released a security update to address a critical vulnerability, caused by a bug in the PEAR Archive_Tar library, in a third-party library with documented or deployed exploits available in the wild.