Advisories MDVSA-2009:345: acl

[paul]

A vulnerability was discovered and corrected in acl:

 

The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when

running in recursive (-R) mode, follow symbolic links even when the

--physical (aka -P) or -L option is specified, which might allow

local users to modify the ACL for arbitrary files or directories via

a symlink attack (CVE-2009-4411).

 

This update provides a fix for this vulnerability.