LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for August 28, 2008

Fedora, Red Hat, and distributor security

LWN.net Weekly Edition for August 21, 2008

Standards, the kernel, and Postfix

In defense of Ubuntu

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Gentoo alert acroread-20020707 (acroread)



From:
    	      Seemant Kulleen <seemant@gentoo.org>


To:
    	      gentoo-announce@gentoo.org, gentoo-users@gentoo.org,
 gentoo-dev@gentoo.org, gentoo-core@gentoo.org, lwn@lwn.net,
 gentoo-newbies@gentoo.org, gentoo-security@gentoo.org,
 gentoo-desktop@gentoo.org, gentoo-user-es@gentoo.org


Subject:
    	      GLSA: acroread


Date:
    	      Sun, 7 Jul 2002 16:02:18 -0700



- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : acroread  -- Adobe Acrobat Reader
SUMMARY         : security vulnerability in acroread
DATE            : Sun Jul  7 23:02:04 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

There is a temp file vulnerability that can be used to access user
accounts, and possibly gain system priveleges.

DETAIL


Acroread creates or overwrites the file /tmp/AdobeFnt06.lst.UID, and
changes its permissions to wide open (mode 666); it also follows
symlinks.

http://bugs.gentoo.org/show_bug.cgi?id=4657
http://online.securityfocus.com/archive/1/278984

SOLUTION

It is recommended that all Gentoo Linux users who are running acroread
update their systems as follows.

emerge --clean rsync
emerge unmerge acroread
emerge xpdf

For now, the acroread ebuild will issue a warning to users to unmerge the
package, and will proceed to emerge xpdf, for use as a pdf document
viewer.

- ------------------------------------------------------------------------
jago@telefragged.com
seemant@gentoo.org
drobbins@gentoo.org
- ------------------------------------------------------------------------

-- 
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux					http://www.gentoo.org/~seemant
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds