4657 – [app-text/acroread]: temp file exploit vulnerability.

Bug 4657 - [app-text/acroread]: temp file exploit vulnerability.

Summary: [app-text/acroread]: temp file exploit vulnerability.

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High major (vote)
Assignee:	Gentoo Linux bug wranglers

URL:	http://online.securityfocus.com/archi...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-07-07 16:34 UTC by Dan Naumov
Modified:	2003-02-04 19:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dan Naumov 2002-07-07 16:34:14 UTC

Accodring to a SecurityFocus advisory found at
http://online.securityfocus.com/archive/1/278984 Acroread 5.05 (as well as some
previous versions) have a major temp file explot vulnerability. I believe that 
it's in users best interest to mask this ebuild until Adobe fixes the issue.

Comment 1 Seemant Kulleen (RETIRED) gentoo-dev

2002-07-07 18:09:51 UTC

Thanks much for this Jago!  A Gentoo Linux Security Announcement has been sent
to all the mailing lists.  Additionally, the new acroread ebuild is just a
wrapper which calls xpdf and warns the user to unmerge acroread :)

Comment 2 Dan Naumov 2002-07-07 18:32:30 UTC

Right now attempting to emerge acroread will install xpdf. While XPDF is good
for basic things, you might want to try "app-text/gv" if you need a slightly
more advanced alternative to AcroRead.