A buffer overflow has been found in Midnight Commander's virtual filesystem code. Specifically, a stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to execute arbitrary code during symlink conversion. Also see bug #113849 and bug #113850
Included in: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/i386/mc-4.6.0-8.4.i386.rpm
The patch was already included in 8.1, but at that time not announced as a security update (actually not announced at all). 8.4 should be pushed to the main update tree ASAP as this is a serious vulnerability and not every body runs or checks testing, so I assume 90% of people running Fedora are still vulnerable.