Package name
uim
Date
2005-02-24
Advisory ID
MDKSA-2005:046
Affected versions
10.1 i586 , 10.1 x86_64

Problem description

Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications. The updated packages are patched to fix the problem.

Updated packages

10.1 i586

 5477bc5c4be9e4c34944d69f558d1562  10.1/RPMS/libuim0-0.4.5.1-0.1.101mdk.i586.rpm
40e98fd3aba12bf634eb5c492ddc73ed  10.1/RPMS/libuim0-devel-0.4.5.1-0.1.101mdk.i586.rpm
c4f44fbe1f4986ab191f6def69805cdf  10.1/RPMS/uim-0.4.5.1-0.1.101mdk.i586.rpm
03dffbf84de9c95bd6edee1515a83b66  10.1/RPMS/uim-applet-0.4.5.1-0.1.101mdk.i586.rpm
178aafea38d8c35beb9ade48ec4e8417  10.1/SRPMS/uim-0.4.5.1-0.1.101mdk.src.rpm

10.1 x86_64

 6efd482e3618c59b37e8197f50fb5ef6  x86_64/10.1/RPMS/lib64uim0-0.4.5.1-0.1.101mdk.x86_64.rpm
26924174a640903a3767247ec3d12d93  x86_64/10.1/RPMS/lib64uim0-devel-0.4.5.1-0.1.101mdk.x86_64.rpm
5477bc5c4be9e4c34944d69f558d1562  x86_64/10.1/RPMS/libuim0-0.4.5.1-0.1.101mdk.i586.rpm
178aafea38d8c35beb9ade48ec4e8417  x86_64/10.1/SRPMS/uim-0.4.5.1-0.1.101mdk.src.rpm

References