[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-desktop
Subject: [gentoo-desktop] GLSA: acroread
From: Seemant Kulleen <seemant () gentoo ! org>
Date: 2002-07-07 23:02:18
[Download RAW message or body]
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : acroread -- Adobe Acrobat Reader
SUMMARY : security vulnerability in acroread
DATE : Sun Jul 7 23:02:04 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
There is a temp file vulnerability that can be used to access user
accounts, and possibly gain system priveleges.
DETAIL
Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it also follows
symlinks.
http://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984
SOLUTION
It is recommended that all Gentoo Linux users who are running acroread
update their systems as follows.
emerge --clean rsync
emerge unmerge acroread
emerge xpdf
For now, the acroread ebuild will issue a warning to users to unmerge the
package, and will proceed to emerge xpdf, for use as a pdf document
viewer.
- ------------------------------------------------------------------------
jago@telefragged.com
seemant@gentoo.org
drobbins@gentoo.org
- ------------------------------------------------------------------------
--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant
_______________________________________________
gentoo-desktop mailing list
gentoo-desktop@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-desktop
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic