Hi, A bunch of format string vulnerabilities in "startinnfeed" have just been reported to Bugtraq. startinnfeed is suid-root. However it's not as serious as it could be because startinnfeed is only executable by group "news". Furthermore, RH7.0 full install does not seem to have any sgid-news executables. Older distributions could be in danger, however; I know that there used to exist sgid-news executables. And there have been holes in these! Thought I'd better file a report :-)
should have no security impact. Thanks for reporting this.