Re: [suse-security] Re: [suse-security-announce] SUSE Security Announcement: Acrobat Reader 5 buffer overflow (SUSE-SA:2005:042)
On Mon, Jul 18, 2005 at 11:18:18AM +0200, Martin Konold wrote:
> On Monday 18 July 2005 10:52, Marcus Meissner wrote:
> Hi Marcus,
> > No, more like "unfortunately no opensource program has reached the viewing abilities of acrobat 7 yet, or we would have got rid of it already"
> What is missing in kpdf?
The user knowledge that it is as good. I brought this up internally and lots of people still thought that acroread can display more documents.
Ciao, Marcus
Hello Marcus,
On Monday 18 July 2005 11:44, Marcus Meissner wrote:
> The user knowledge that it is as good.
Kpdf is a really good tool but during the last weeks I had situations where kpdf did not display a PDF as nicely as acroread 7 did display the PDF.
Cheers, Andreas
--
11766975 seconds to go... Indifference will be the downfall of mankind, but who cares?
On Monday, 18 July 2005 11:44, Marcus Meissner wrote:
> On Mon, Jul 18, 2005 at 11:18:18AM +0200, Martin Konold wrote:
> > On Monday 18 July 2005 10:52, Marcus Meissner wrote:
> > Hi Marcus,
> > > No, more like "unfortunately no opensource program has reached the viewing abilities of acrobat 7 yet, or we would have got rid of it already"
> > What is missing in kpdf?
> The user knowledge that it is as good.
> I brought this up internally and lots of people still thought that acroread can display more documents.
Let me quote from a purely fictional press release: "Since the behaviour of (software product XYZ) since the introduction of its latest version, namely the talkback functions which notify unknown third parties every time the user opens a document, might be illegal under German law, we're forced to drop (software product XYZ) from our linux distribution until further notice, especially since there are other products which are as capable, and don't do illegal things."
bye, MH
> Ciao, Marcus
--
Sending unsolicited advertising e-mail to private individuals violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, case no. 16 O 201/98). Any commercial use of the personal data transmitted, as well as passing it on to third parties, is expressly prohibited!
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
> "Since the behaviour of (software product XYZ) since the introduction of its latest version, namely the talkback functions which notify unknown third parties every time the user opens a document, might be illegal under German law, we're forced to drop (software product XYZ) from our linux distribution until further notice, especially since there are other products which are as capable, and don't do illegal things."
Along the same track, do you think that browsers that support JavaScript are outlawed in Germany too? Acroread 7 is not doing the callback, it is the embedded JavaScript in the document that is. A document without such code will not make a callback. So in the best case, documents with embedded JavaScript that provide callbacks might be outlawed, but you and I know that this ain't gonna happen on a global scale. If you don't like the possibility that Acroread calls back, either don't install it or take measures against it to connect to the outside world. If you Google around for a while you will see many suggestions on how to accomplish that.
Arjen
Arjen, Mathias,
On Monday 18 July 2005 03:24, Arjen de Korte wrote:
> > "Since the behaviour of (software product XYZ) since the introduction of its latest version, namely the talkback functions which notify unknown third parties every time the user opens a document, might be illegal under German law, we're forced to drop (software product XYZ) from our linux distribution until further notice, especially since there are other products which are as capable, and don't do illegal things."
That would annoy me, though I'd just get the software some other way.
> Along the same track, do you think that browsers that support JavaScript are outlawed in Germany too? Acroread 7 is not doing the callback, it is the embedded JavaScript in the document that is. A document without such code will not make a callback. So in the best case, documents with embedded JavaScript that provide callbacks might be outlawed, but you and I know that this ain't gonna happen on a global scale.
I accept this sort of responsibility, though not entirely happily, especially when the default is to enable the tattletale capability. And sometimes, as in this case, the risk goes unnoticed for an extended period, but I suppose that's just a gap in my due diligence. I run RealPlayer, e.g., but not without first locking it down to prevent most of its reporting functions. The only problem I have with Adobe Reader 7 (its proper name) is the fact that once you disable JavaScript it bugs you every time you shut it down that "The current document contains JavaScripts (sic). Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled." It does this even if you don't open a document (perhaps it refers to an internal document that is implicitly or invisibly opened whenever Reader starts up).
> If you don't like the possibility that Acroread calls back, either don't install it or take measures against it to connect to the outside world. If you Google around for a while you will see many suggestions on how to accomplish that.
Agreed.
> Arjen
Randall Schulz
Randall R Schulz wrote
> The only problem I have with Adobe Reader 7 (its proper name) is the fact that once you disable JavaScript it bugs you every time you shut it down that "The current document contains JavaScripts (sic). Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled." It does this even if you don't open a document (perhaps it refers to an internal document that is implicitly or invisibly opened whenever Reader starts up).
Easy to fix:
cd ~/.adobe/Acrobat/7.0/JavaScripts
rm -f glob.settings.js
ln -s /dev/null glob.settings.js
And it won't ask again.
--
Dipl.-Inform. Frank Steiner   Web:   http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail:  http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* You can only understand recursion once you have understood recursion. *
Frank,
On Monday 18 July 2005 07:25, Frank Steiner wrote:
> Randall R Schulz wrote
> > The only problem I have with Adobe Reader 7 (its proper name) is the fact that once you disable JavaScript it bugs you every time you shut it down that "The current document contains JavaScripts (sic). Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled." It does this even if you don't open a document (perhaps it refers to an internal document that is implicitly or invisibly opened whenever Reader starts up).
> Easy to fix:
> cd ~/.adobe/Acrobat/7.0/JavaScripts
> rm -f glob.settings.js
> ln -s /dev/null glob.settings.js
> And it won't ask again.
Thanks! That worked. How odd, though. That file contained only this string: "({})" (no newline).
> Dipl.-Inform. Frank Steiner
Randall Schulz
Hi,
I get log messages but I want to know what application they come from, because I don't have any reference.
Jul 18 08:33:07 web -- MARK --
Jul 18 09:13:07 web -- MARK --
Jul 18 09:53:07 web -- MARK --
Jul 18 10:13:07 web -- MARK --
Does anyone know it?
Thanks.
On Mon, Jul 18, 2005 at 11:56:55AM -0600, jmena wrote:
> Hi,
> I get log messages but I want to know what application they come from, because I don't have any reference.
> Jul 18 08:33:07 web -- MARK --
> Jul 18 09:13:07 web -- MARK --
> Jul 18 09:53:07 web -- MARK --
> Jul 18 10:13:07 web -- MARK --
> Does anyone know it?
Yes. It means 40 minutes nothing happened in syslog. :)
Ciao, Marcus
On Mon, 18 Jul 2005, Marcus Meissner wrote:
> [...]
> > Jul 18 08:33:07 web -- MARK --
> > [...]
> Yes. It means 40 minutes nothing happened in syslog. :)
Even more interesting: 40 minutes while the computer was still running. This way one can figure out in which time interval his or her computer stopped working.
Regards
Henning Hucke
--
Yesterday, tomorrow was the day after today.
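The use of MARK lines described in the message above, as an added example that is not part of the original thread: it scans a syslog file for gaps between consecutive lines that are longer than the mark interval allows, which bounds the window in which the machine or syslogd was not running. The 20-minute interval (sysklogd's `-m` default), the 1.5x slack, the year and the sample log are assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic syslog prefix: "Jul 18 08:33:07 host message" (the stamp has no year).
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed sample log (not taken from the thread): idle periods produce
# MARK lines, then nothing at all is written between 10:13 and 13:02.
SAMPLE_LOG = """\
Jul 18 08:33:07 web -- MARK --
Jul 18 08:47:30 web sshd[2211]: Accepted publickey for admin from 192.0.2.10
Jul 18 09:13:07 web -- MARK --
Jul 18 09:33:07 web -- MARK --
Jul 18 09:53:07 web -- MARK --
Jul 18 10:13:07 web -- MARK --
Jul 18 13:02:41 web syslogd 1.4.1: restart.
Jul 18 13:22:41 web -- MARK --
"""


def parse(log_text, year):
    """Yield (timestamp, message); bump the year when stamps wrap past December."""
    prev = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not carry a syslog timestamp
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if prev and ts < prev - timedelta(days=180):
            year += 1  # e.g. "Dec 31" followed by "Jan  1"
            ts = ts.replace(year=year)
        prev = ts
        yield ts, m.group(3)


def silent_windows(log_text, mark_minutes=20, slack=1.5, year=2005):
    """Return (last line before, first line after) pairs for every gap
    longer than mark_minutes * slack, i.e. longer than an idle but
    running syslogd would leave between two lines."""
    limit = timedelta(minutes=mark_minutes * slack)
    stamps = [ts for ts, _ in parse(log_text, year)]
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit]


if __name__ == "__main__":
    for start, end in silent_windows(SAMPLE_LOG):
        print(f"no log lines between {start} and {end} ({end - start})")
```

Pass the interval actually configured on the host as `mark_minutes`; the slack factor allows for marks that are skipped because another message was logged shortly before.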
On Mon, Jul 18, 2005 at 11:44:32AM +0200, Marcus Meissner wrote:
> On Mon, Jul 18, 2005 at 11:18:18AM +0200, Martin Konold wrote:
> > What is missing in kpdf?
> The user knowledge that it is as good.
Actually kpdf has a limited feature set compared to acroread.
> I brought this up internally and lots of people still thought that acroread can display more documents.
Well, maybe there are no problems to _display_ PDF files, but for instance one feature that is missing in kpdf is editing fillable forms like this one: http://www.cic.gc.ca/english/pdf/kits/forms/imm0008egen.pdf
Robert
--
Robert Schiele               Tel.: +49-621-181-2214
Dipl.-Wirtsch.informatiker   mailto:rschiele@uni-mannheim.de
Robert Schiele wrote:
> On Mon, Jul 18, 2005 at 11:44:32AM +0200, Marcus Meissner wrote:
> > On Mon, Jul 18, 2005 at 11:18:18AM +0200, Martin Konold wrote:
> > > What is missing in kpdf?
> > The user knowledge that it is as good.
> Actually kpdf has a limited feature set compared to acroread.
Another missing feature will be better compression and new features (like adaptive image compression and dynamic content) implemented in earlier versions of Acrobat (6 .. 7). Maybe these document features will not be viewable correctly. I even got problems displaying some embedded fonts. As there are more and more people creating acroread 6/7 documents the better choice will be using acroread. I'm glad v7 is now available for linux as there is always minor support and development on linux-software.
Philippe
--
This message is digitally signed and bears neither seal nor signature!
Sending unsolicited advertising e-mail to private individuals violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, case no. 16 O 201/98). Any commercial use of the personal data transmitted, as well as passing it on to third parties, is expressly prohibited!
participants (10)
- Andreas Otto
- Arjen de Korte
- Frank Steiner
- Henning Hucke
- jmena
- Marcus Meissner
- Mathias Homann
- Philippe Vogel
- Randall R Schulz
- Robert Schiele