Immediate update of Webmin and Usermin strongly recommended

#1 Thu, 08/17/2006 - 16:16
Joe

Hi all,

If you haven't been regularly updating your system using yum, urpmi, or yast, I strongly recommend you update your Webmin and Usermin packages immediately. A local file access exploit exists for all versions of Webmin and Usermin prior to 1.290 and 1.220, respectively, which would allow an attacker to gain access to the shadow password file. This, in itself, would not reveal passwords, but a brute force attack on the encrypted passwords contained within is made remarkably easier and faster with access to the file.

The updates to correct this issue have been in the repository since June 28th, but it's not always easy to remember to update regularly, and at least one user has experienced an account compromise due to this exploit combined with a weak password.

To upgrade on Red Hat based systems:

    yum update webmin usermin

On SUSE systems:

    yast -i webmin usermin

And on Mandriva systems:

    urpmi webmin usermin

Please let us know of any problems by filing a bug in the bug tracker.
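To confirm whether a host still runs a release older than the fixed versions named in the post (Webmin 1.290, Usermin 1.220), a check along these lines can be run before and after updating. This is an added example, not part of the original post or the Webmin project's code; the version-file paths `/etc/webmin/version` and `/etc/usermin/version` are assumptions about a default install, and the function names are hypothetical.

```shell
#!/bin/sh
# Fixed releases named in the advisory above.
WEBMIN_FIXED="1.290"
USERMIN_FIXED="1.220"

# version_lt A B: succeed when dotted numeric version A is older than B.
# Components are compared as integers, left to right; missing ones count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# check_product NAME VERSION_FILE FIXED: print a status line; return 1 only
# when the installed version is known and predates the fix.
check_product() {
    name=$1 file=$2 fixed=$3
    if [ ! -r "$file" ]; then
        echo "$name: no readable version file at $file (not installed?)"
        return 0
    fi
    # Keep only the leading digits-and-dots part of the first line.
    installed=$(sed -n '1s/^\([0-9.]*\).*/\1/p' "$file")
    if [ -z "$installed" ]; then
        echo "$name: could not parse a version from $file"
        return 0
    fi
    if version_lt "$installed" "$fixed"; then
        echo "$name $installed is older than $fixed: update needed"
        return 1
    fi
    echo "$name $installed is at or above $fixed"
}

# Paths below are assumed defaults, not taken from the post.
check_all() {
    rc=0
    check_product Webmin  /etc/webmin/version  "$WEBMIN_FIXED"  || rc=1
    check_product Usermin /etc/usermin/version "$USERMIN_FIXED" || rc=1
    return $rc
}

check_all || echo "Update using the package manager command for your distribution."
```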