Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-announce
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-announce@g.o, gentoo-users@g.o, gentoo-dev@g.o, gentoo-core@g.o, lwn@..., gentoo-newbies@g.o, gentoo-security@g.o, gentoo-desktop@g.o, gentoo-user-es@g.o
From: Seemant Kulleen <seemant@g.o>
Subject: GLSA: acroread
Date: Sun, 7 Jul 2002 16:02:18 -0700
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : acroread  -- Adobe Acrobat Reader
SUMMARY         : security vulnerability in acroread
DATE            : Sun Jul  7 23:02:04 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

There is a temp file vulnerability that can be used to access user
accounts, and possibly gain system priveleges.

DETAIL


Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it also follows
symlinks.

http://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984

SOLUTION

It is recommended that all Gentoo Linux users who are running acroread
update their systems as follows.

emerge --clean rsync
emerge unmerge acroread
emerge xpdf

For now, the acroread ebuild will issue a warning to users to unmerge the
package, and will proceed to emerge xpdf, for use as a pdf document
viewer.

- ------------------------------------------------------------------------
jago@...
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------

-- 
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux					http://www.gentoo.org/~seemant

Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Announce: GCC-2.95.3
Next by thread:
GLSA: glibc
Previous by date:
Announce: GCC-2.95.3
Next by date:
GLSA: glibc


Updated Jun 17, 2009

Summary: Archive of the gentoo-announce mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.