-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-12
--------------------------------------------------------------------
PACKAGE : acroread
SUMMARY : arbitrary code execution
DATE : 2003-06-25 21:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =acroread-5.07
CVE : CAN-2003-0434
--------------------------------------------------------------------
from advisory:
"Valid PDF files can contain malicious external-type hyperlinks that can
execute arbitrary shell commands underneath Unix with various PDF
viewers/readers.
The hyperlinks must be activated or followed for the malicious script
to run. The obvious case is for a user to click on one. "
Read the full advisory at
http://marc.theaimsgroup.com/?l=full-disclosure&m=105555332025253&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-text/acroread upgrade to acroread-5.07 as follows
emerge sync
emerge acroread
emerge clean
--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE++hoZfT7nyhUpoZMRAmcMAJ9Tc4AtufMn0c9qxgu0HAK2gC1+GACfYetQ
cyhhhtoepcFopVJndMoyd8E=
=fYT9
-----END PGP SIGNATURE-----
|