Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
| Navigation: |
|
Lists:
gentoo-announce:
< Prev
By Thread
Next >
< Prev
By Date
Next >
|
| Headers: |
|
To:
|
gentoo-announce@g.o, gentoo-users@g.o, gentoo-dev@g.o, gentoo-core@g.o, lwn@..., gentoo-newbies@g.o, gentoo-security@g.o, gentoo-desktop@g.o, gentoo-user-es@g.o
|
|
From:
|
Seemant Kulleen <seemant@g.o>
|
|
Subject:
|
GLSA: acroread
|
|
Date:
|
Sun, 7 Jul 2002 16:02:18 -0700
|
|
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : acroread -- Adobe Acrobat Reader
SUMMARY : security vulnerability in acroread
DATE : Sun Jul 7 23:02:04 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
There is a temp file vulnerability that can be used to access user
accounts, and possibly gain system priveleges.
DETAIL
Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it also follows
symlinks.
http://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984
SOLUTION
It is recommended that all Gentoo Linux users who are running acroread
update their systems as follows.
emerge --clean rsync
emerge unmerge acroread
emerge xpdf
For now, the acroread ebuild will issue a warning to users to unmerge the
package, and will proceed to emerge xpdf, for use as a pdf document
viewer.
- ------------------------------------------------------------------------
jago@...
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------
--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant
|
|
