drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in acroread
Name: |
Ausführen beliebigen Codes in acroread
|
|
ID: |
200306-12 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Do, 26. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Adobe Reader |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-12 --------------------------------------------------------------------
PACKAGE : acroread SUMMARY : arbitrary code execution DATE : 2003-06-25 21:54 UTC EXPLOIT : remote VERSIONS AFFECTED : <acroread-5.07 FIXED VERSION : >=acroread-5.07 CVE : CAN-2003-0434
--------------------------------------------------------------------
from advisory: "Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
The hyperlinks must be activated or followed for the malicious script to run. The obvious case is for a user to click on one. "
Read the full advisory at http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running app-text/acroread upgrade to acroread-5.07 as follows
emerge sync emerge acroread emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE++hoZfT7nyhUpoZMRAmcMAJ9Tc4AtufMn0c9qxgu0HAK2gC1+GACfYetQ cyhhhtoepcFopVJndMoyd8E= =fYT9 -----END PGP SIGNATURE-----
|
|
|
|