It was reported [1],[2] that cronie would leak certain fd's. On systems where /etc/crontab is not world-readable this could be an information disclosure concern. This was introduced upstream in cronie 1.4.8 [3] and fixed in 1.4.9 [4], so the only version of cronie that is affected by this issue is 1.4.8. It was also patched in Fedora via cronie-1.4.8-2.fc15 (see [2] for those details). [1] https://bugzilla.novell.com/show_bug.cgi?id=786096 [2] https://bugzilla.redhat.com/show_bug.cgi?id=717505 [3] http://git.fedorahosted.org/cgit/cronie.git/commit/src/cron.c?id=acdf4ae8456888ed78201906ef528f4c28f54582 [4] http://git.fedorahosted.org/cgit/cronie.git/commit/src/cron.c?id=b19007ca9fddd62ecef3af4a7d2d252f1d5e0419 Statement: Not vulnerable. This issue did not affect the versions of cronie as shipped with Red Hat Enterprise Linux 6.