Mandriva Linux Security Advisory 2009-345 – The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the –physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. This update provides a fix for this vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/84452/MDVSA-2009-345.txt
Source: https://packetstormsecurity.com/files/84452/Mandriva-Linux-Security-Advisory-2009-345.html