Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 4657

Summary: [app-text/acroread]: temp file exploit vulnerability.
Product: Gentoo Linux Reporter: Dan Naumov <jago>
Component: New packagesAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED FIXED    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
URL: http://online.securityfocus.com/archive/1/278984
Whiteboard:
Package list:
Runtime testing required: ---

Description Dan Naumov 2002-07-07 16:34:14 UTC 
Accodring to a SecurityFocus advisory found at
http://online.securityfocus.com/archive/1/278984 Acroread 5.05 (as well as some
previous versions) have a major temp file explot vulnerability. I believe that 
it's in users best interest to mask this ebuild until Adobe fixes the issue.
Comment 1 Seemant Kulleen (RETIRED) gentoo-dev 2002-07-07 18:09:51 UTC 
Thanks much for this Jago!  A Gentoo Linux Security Announcement has been sent
to all the mailing lists.  Additionally, the new acroread ebuild is just a
wrapper which calls xpdf and warns the user to unmerge acroread :)
Comment 2 Dan Naumov 2002-07-07 18:32:30 UTC 
Right now attempting to emerge acroread will install xpdf. While XPDF is good
for basic things, you might want to try "app-text/gv" if you need a slightly
more advanced alternative to AcroRead.