DHCP client vulnerability allows takeover

Posted 15/07/2009 23:50

Today I read an article on a vulnerability in ISC's DHCP client.

Apparently a specially crafted DHCP response can trigger a buffer overflow in the client and allow arbitrary code execution.

Because the DHCP client runs as root so that it can modify network settings, any code executed by the exploit also runs as root.

Although this is clearly very bad, the attacker still has to be running a DHCP server within your local area network. If that were the case, a remote exploit of the DHCP client would likely be the least of your worries: the attacker could modify your network settings to route all your network traffic through their own machine and potentially monitor it for passwords, or redirect you to fake web sites to gather your login credentials.

Thankfully, RHEL and Fedora are not affected.
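To make the rogue DHCP server scenario above concrete from the defender's side, here is an added example (not from the original post or from ISC) that parses a DHCP reply with strict length checks and flags a server, router or DNS address outside an expected set. The addresses, the `POLICY` table and the `sample_reply` helper are assumptions constructed for illustration, and the length checks show defensive parsing in general, not the specific ISC bug.

```python
import ipaddress
MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the BOOTP header
FIXED_LEN = 236               # length of the fixed BOOTP header
# Assumed site policy (constructed values): option code -> (name, allowed IPs)
POLICY = {54: ("server", {"192.0.2.1"}), 3: ("router", {"192.0.2.1"}),
          6: ("dns", {"192.0.2.53"})}

def parse_options(packet):
    """Return {code: value bytes}; raise ValueError on any inconsistent length."""
    if len(packet) < FIXED_LEN + 4 or packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, FIXED_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == 255:                       # end option
            return opts
        if code == 0:                         # pad option has no length byte
            i += 1
            continue
        # The declared length must fit inside the bytes actually received.
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError(f"option {code} has an inconsistent length")
        end = i + 2 + packet[i + 1]
        opts[code] = packet[i + 2:end]
        i = end
    raise ValueError("missing end option")

def check_reply(packet):
    """Return findings for one server reply; an empty list means it matches policy."""
    try:
        opts = parse_options(packet)
    except ValueError as exc:
        return [f"malformed reply: {exc}"]
    findings = []
    for code, (name, allowed) in POLICY.items():
        data = opts.get(code, b"")
        if len(data) % 4:                     # IPv4 lists are multiples of 4 bytes
            findings.append(f"bad {name} option length {len(data)}")
            continue
        for j in range(0, len(data), 4):
            ip = str(ipaddress.IPv4Address(data[j:j + 4]))
            if ip not in allowed:
                findings.append(f"unexpected {name} {ip}")
    return findings

def sample_reply(server, router, dns):
    """Constructed sample: minimal DHCPOFFER carrying options 53, 54, 3 and 6."""
    opt = lambda code, ip: bytes([code, 4]) + ipaddress.IPv4Address(ip).packed
    return (b"\x02\x01\x06\x00" + bytes(FIXED_LEN - 4) + MAGIC + b"\x35\x01\x02"
            + opt(54, server) + opt(3, router) + opt(6, dns) + b"\xff")
```

A reply that matches the policy returns an empty list, while a reply from an unexpected server, or one whose option lengths do not add up, returns one finding per problem.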