|
|
Family: Debian Local Security Checks --> Category: infos
[DSA895] DSA-895-1 uim Vulnerability Scan
Vulnerability Scan Summary
DSA-895-1 uim
Detailed Explanation for this Vulnerability Test
Masanari Yamamoto discovered incorrect use of environment variables in
uim, a flexible input method collection and library, that could lead
to escalated rights in setuid/setgid applications linked to
libuim. Affected in Debian is at least mlterm.
The old stable distribution (woody) does not contain uim packages.
For the stable distribution (sarge) this problem has been fixed in
version 0.4.6final1-3sarge1.
For the unstable distribution (sid) this problem has been fixed in
version 0.4.7-2.
We recommend that you upgrade your libuim packages.
Solution : http://www.debian.org/security/2005/dsa-895
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
