This update addresses CVE-2009-3589 with a patch that initializes the supplementary groups of processes run from user incrontabs. Without it, these processes run with the supplementary groups of the incrond process. These groups might include the group disk, e.g. when the incrond process was started using "service incrond start". In that case, users allowed to create an incrontab table could access raw disk contents. There might also be other ways to exploit this vulnerability.
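The privilege-drop order that closes this class of bug, as an added example (not incron's actual patch): a daemon running as root resets the supplementary groups before changing gid and uid, then verifies nothing was inherited. It assumes Linux with glibc; the function names and the sample gids in main() are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Count gids in held[] that are absent from allowed[]: groups a child
   would keep from the daemon without being entitled to them. */
int count_leaked_groups(const gid_t *held, int nheld,
                        const gid_t *allowed, int nallowed)
{
    int leaked = 0;
    for (int i = 0; i < nheld; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (held[i] == allowed[j]);
        leaked += !ok;
    }
    return leaked;
}

/* Drop from root to the account in pw. Order matters: supplementary
   groups first (needs root), then gid, then uid. Returns 0 on success,
   -1 on error; on -1 the caller must not exec the user's command. */
int drop_to_user(const struct passwd *pw)
{
    gid_t held[256], allowed[256];
    int nallowed = 256, nheld;

    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;

    /* Verify that nothing from the parent's group list survived. */
    if ((nheld = getgroups(256, held)) < 0) return -1;
    if (getgrouplist(pw->pw_name, pw->pw_gid, allowed, &nallowed) < 0)
        return -1;
    return count_leaked_groups(held, nheld, allowed, nallowed) ? -1 : 0;
}

int main(void)
{
    /* Constructed gids: 0 and 6 stand in for root and disk, 1000 for the user. */
    gid_t daemon_groups[] = {0, 6, 1000}, user_groups[] = {1000};
    printf("leaked without initgroups: %d\n",
           count_leaked_groups(daemon_groups, 3, user_groups, 1));
    return 0;
}
```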