/usr/bin/jwhois in current Fedora 15 (+updates-testing) is group-writable. This is not really a vulnerability, but it might be easier for an attacker to obtain gid=0 than to obtain uid=0 (at the very least, uid=0 trivially implies the ability to get gid=0).
Therefore I think it is a good idea to could change /usr/bin/jwhois to not be writable by group: it would somewhat increase security of the system, for very little effort.
jwhois-4.0-27.fc15 has been submitted as an update for Fedora 15.
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing jwhois-4.0-27.fc15'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
jwhois-4.0-27.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.