A vulnerability was discovered and corrected in acl: The setfacl and getfacl commands in XFS acl 2.2.47, when running in recursive mode, follow symbolic links even when the --physical or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack . This update provides a fix for this vulnerability.