Updated usermode packages are now available for Red Hat Linux 6.x and 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
The usermode package contains a binary (/usr/bin/userhelper), which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active.
If one of these programs supports internationalized text messages, a
malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, any programs it runs) to
create a format-string exploit in these programs.
These updated packages also fix a problem due to an incorrect path
specification in the /usr/bin/shutdown wrapper script and close a potential security vulnerability in the userhelper binary.