Nitro Bodhisattva
Joined: 08 Apr 2002 Posts: 661 Location: San Francisco
Posted: Mon Jul 08, 2002 7:37 pm Post subject: [gentoo-announce] GLSA: acroread

Seemant Kulleen wrote:
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : acroread -- Adobe Acrobat Reader
SUMMARY : security vulnerability in acroread
DATE : Sun Jul 7 23:02:04 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
There is a temp file vulnerability that can be used to access user accounts, and possibly gain system privileges.
DETAIL
Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and changes its permissions to wide open (mode 666); it also follows symlinks.
https://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984
SOLUTION
It is recommended that all Gentoo Linux users who are running acroread update their systems as follows.
emerge --clean rsync
emerge unmerge acroread
emerge xpdf
For now, the acroread ebuild will issue a warning to users to unmerge the package, and will proceed to emerge xpdf, for use as a pdf document viewer.
- ------------------------------------------------------------------------
jago@telefragged.com
seemant@gentoo.org
drobbins@gentoo.org
- ------------------------------------------------------------------------
--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant
Mailing list archive: http://lists.gentoo.org/pipermail/gentoo-announce/2002-July/000173.html
_________________
- Kyle Manna
Please, please SEARCH before posting.
There are three kinds of people in the world: those who can count, and those who can't.
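The DETAIL section of the advisory names three problems at once: a predictable name in /tmp, symlink following, and mode 666. The C code below is an added example, not part of the advisory and not Adobe's or Gentoo's code; it shows how a program can open such a per-user cache file while refusing symlinks and keeping the mode at 0600. The names `open_cache_file` and `demo`, the UID suffixes 1000 and 1001, and the `glsa-demo` directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a per-user cache file in a shared directory without following
 * symlinks or reusing a file someone else planted. Returns fd or -1. */
int open_cache_file(const char *path)
{
    struct stat st;
    /* O_EXCL fails if anything, including a symlink, already exists. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 || errno != EEXIST)
        return fd;
    /* Name is taken: reopen without O_CREAT; a symlink gives ELOOP. */
    fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* Inspect the object actually opened, not the path. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd); errno = EPERM; return -1;
    }
    if (fchmod(fd, 0600) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed test case in a private directory; returns 1 on success. */
int demo(void)
{
    char dir[] = "/tmp/glsa-demo-XXXXXX", victim[64], lnk[64], fresh[64];
    struct stat before, after, st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/AdobeFnt06.lst.1000", dir);
    snprintf(fresh, sizeof fresh, "%s/AdobeFnt06.lst.1001", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT, 0644);
    if (vfd < 0 || symlink(victim, lnk) != 0 || stat(victim, &before) != 0) return -1;
    int bad = open_cache_file(lnk);     /* symlink at cache path: refused */
    int good = open_cache_file(fresh);  /* unused name: created with 0600 */
    if (stat(victim, &after) != 0 || good < 0 || fstat(good, &st) != 0) return -1;
    close(vfd); close(good);
    unlink(lnk); unlink(victim); unlink(fresh); rmdir(dir);
    return bad == -1 && before.st_mode == after.st_mode && (st.st_mode & 0777) == 0600;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```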