Debian Security Advisory DSA 895-1 (uim) Network Vulnerability

Summary

The remote host is missing an update to uim announced via advisory DSA 895-1. Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. The old stable distribution (woody) does not contain uim packags.

Solution

For the stable distribution (sarge) this problem has been fixed in version 0.4.6final1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.4.7-2. We recommend that you upgrade your libuim packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20895-1

Severity

Classification

CVE CVE-2005-3149

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1010-1 (ilohamail)
Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 1075-1 (awstats)
Debian Security Advisory DSA 1076-1 (lynx)
Debian Security Advisory DSA 004-1 (nano)

Take action and discover your vulnerabilities