It was discovered that the /etc/cron.d/php cron job for php-session allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php . Packages for 2009.0 are provided as of the Extended Maintenance Program