The Qualys Research Labs reported an authorization bypass and a symlink attack in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation. Please refer to /usr/share/doc/multipath-tools/NEWS.Debian.gz for backwards-incompatible changes in this update.