UIM maintainer (TOKUNAGA Hiroyuki, tkng@xem.jp) states that there is a privilege escalation vulnerability in UIM versions that are not 0.4.9.1 and 0.5.0.1 (the most recent versions, and these were just added to portage [~'ed]).

From http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html:

uim-0.4.9.1 is released. This release is for *security fix*.

http://uim.freedesktop.org/releases/uim-0.4.9.1.tar.gz
sha1sum:9037499c47187aeee758ee2bfd60ba9d7d4f40ec uim-0.4.9.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole. If you are using setuid/setgid application which is linked to libuim, you have to upgrade uim.

Brief of the bug
================
Vulnerability : privilege escalation
Problem-Type : local

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim. This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.

Changes between 0.4.9 to 0.4.9.1
================================
* Fixed incorrect use of environment variables.

and http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html:

uim-0.5.0.1 is released. This release is for *security fix*.

http://uim.freedesktop.org/releases/uim-0.5.0.1.tar.gz
sha1sum:d489003205c0e3a24d611e72d0b780ce35bf7474 uim-0.5.0.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole. If you are using setuid/setgid application which is linked to libuim, you have to upgrade uim.

Brief of the bug
================
Vulnerability : privilege escalation
Problem-Type : local

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim. This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.

Changes between 0.5.0 to 0.5.0.1
================================
* Fixed incorrect use of environment variables.

Reproducible: Always
Specific location of UIM in portage is app-i18n/uim.
Not sure any privileged package in Portage links to uim, but should be fixed nevertheless... it's already in portage thanks to usata. Arches should test and mark stable 0.4.9.1 or 0.5.0.1, Target KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
amd64 stable (0.5.0.1)
alpha stable (0.5.0.1)
0.5.0.1 @ sparc stable.
stable on ppc64
Stable on ppc.
x86 done
Ready for GLSA
GLSA 200510-03
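
The announcement quoted in the report describes a library linked into setuid/setgid programs that trusts environment variables. The C example below is added here to show a library-side guard for that bug class; it is not uim's code or its actual patch, and the variable name EXAMPLE_IM_PLUGIN_DIR, the default path and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* A process started from a setuid/setgid binary has real and effective
 * IDs that differ. Kept as a pure function so it can be checked directly. */
int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Library-side lookup: when the host process is privileged, the caller's
 * environment is attacker-controlled input, so ignore it and return the
 * compiled-in default. glibc offers secure_getenv() for the same purpose,
 * based on the kernel's AT_SECURE flag rather than an ID comparison. */
const char *lib_getenv(const char *name, const char *fallback, int privileged)
{
    const char *v;

    if (privileged)
        return fallback;
    v = getenv(name);
    return (v != NULL && *v != '\0') ? v : fallback;
}

/* Hypothetical library entry point that resolves a directory to load from. */
const char *lib_plugin_dir(void)
{
    return lib_getenv("EXAMPLE_IM_PLUGIN_DIR",          /* hypothetical name */
                      "/usr/lib/example-im/plugins",    /* hypothetical path */
                      ids_differ(getuid(), geteuid(), getgid(), getegid()));
}

int main(void)
{
    /* Constructed input: the value a local user would export. */
    setenv("EXAMPLE_IM_PLUGIN_DIR", "/tmp/untrusted", 1);

    printf("unprivileged host: %s\n",
           lib_getenv("EXAMPLE_IM_PLUGIN_DIR", "/usr/lib/example-im/plugins", 0));
    printf("setuid host:       %s\n",
           lib_getenv("EXAMPLE_IM_PLUGIN_DIR", "/usr/lib/example-im/plugins", 1));
    printf("this process:      %s\n", lib_plugin_dir());
    return 0;
}
```

An ID comparison misses a host that has already dropped privileges with setuid(getuid()) while still holding privileged resources, which is why the kernel-reported flag is preferred where available.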