A symlink vulnerability was found in the javareconf script in R that allows local users to overwrite arbitrary files . The updated packages have been patched to prevent this issue.