Explore top 10 tips to secure your open-source projects now. Read More
×This package contains the getfacl and setfacl utilities needed for
manipulating access control lists.
Update Information:
rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370 Resolves: CVE-2026-54369 Resolves: CVE-2026-54370
* Thu Jul 9 2026 Lukáš Zaoral
[ 1 ] Bug #2494173 - CVE-2026-54370 acl: TOCTOU Symlink Traversal via getfacl/setfacl [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494173
[ 2 ] Bug #2494174 - CVE-2026-54369 acl: Symlink traversal privilege escalation via libacl functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494174
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6b9a652463' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
Get the latest Linux and open source security news straight to your inbox.