Gentoo Security Advisory GLSA 200411-22 (davfs2)

Summary
The remote host is missing updates announced in advisory GLSA 200411-22.
Solution
All Davfs2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/davfs2-0.2.2-r1' All lvm-user users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-fs/lvm-user-1.0.7-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-22 http://bugs.gentoo.org/show_bug.cgi?id=68406 http://bugs.gentoo.org/show_bug.cgi?id=69149
Insight
Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.