#########################################################################
linuxconf is a GUI representation of linux configuration files
* Package: linuxconf 

Updated: 28-Aug-1998 

Problem:

*(28-Aug-1998) Security Fix:

A potential security hole has been found and fixed in the linuxconf package
in Red Hat Linux 5.1. No exploit is currently known. If the security hole is
exploited, hosts that you explicitly trust to administer linuxconf could be
capable of gaining root access. In older versions of linuxconf, the local
ethernet network is trusted by default (except when configured via BOOTP or
DHCP); in linuxconf-1.11r18-3rh, no hosts are trusted by default. The
linuxconf-1.11r18-3rh package fixes the security hole, and also fixes a
number of other small bugs that have been discovered since the last release.
SPARC users: This release does NOT fix the bug that keeps linuxconf from
displaying properly; the bug is in glibc, and a glibc update is waiting for
unrelated sparc bugs in glibc to be fixed. For now, run the command "rpm -e
gnome-linuxconf gecko" and you will be able to use linuxconf in its
less-nice-looking native mode. Sorry. We will soon release a glibc update
which will allow linuxconf to work correctly with gecko and gnome-linuxconf;
in the meantime, you do want to upgrade linuxconf because of the potential
security concern. *(01-Jun-1998) Security Fix:

The linuxconf package was setuid root. This creates the potential for
security holes that allow attackers to gain root access to your machine. 

You can immediately remove the danger by logging in as root and running the
command: 


	chmod -s /bin/linuxconf
	




We also recommend that you update to the latest version of linuxconf,
linuxconf-1.11r11-rh3, which fixes this bug.