A flaw
was discovered in FAM’s group handling. In the effect users
are unable to read FAM directories they have group read and execute
permissions on. However, also unprivileged users can potentially
learn names of files that only users in root’s group should be able to
view.
This problem been fixed in version 2.6.6.1-5.2 for the current stable
stable distribution (woody) and in version 2.6.8-1 (or any later
version) for the unstable distribution (sid). The old stable
distribution (potato) is not affected, since it doesn’t contain fam
packages.
We recommend that you upgrade your fam packages.