Package name
Advisory ID
Affected versions
8.1 i586

Problem description

A problem exists in the jmcce program that is used for Chinese text on the console. jmcce is installed setuid root and places log files in /tmp; because jmcce does not perform suitable checking on the files it writes to and because it uses a predictable logfile name, an attacker could exploit this to arbitrarily overwrite any file on the system.

Updated packages

8.1 i586

 fd002f1c3d0a054f51815734c3affa07  8.1/RPMS/jmcce-1.3-9.1mdk.i586.rpm
edac902fd61b8f21072abb71e49d0fb3  8.1/SRPMS/jmcce-1.3-9.1mdk.src.rpm