Am Donnerstag, 14. Juli 2005 19:46 schrieb Marcus Meissner:
Package: acroread 5 Announcement ID: SUSE-SA:2005:042 Date: Thu, 14 Jul 2005 15:00:00 +0000 Affected Products: 9.0, 9.1, 9.2 SUSE Linux Desktop 1 SUSE Linux Enterprise Server 8, 9 Novell Linux Desktop 9 Open Enterprise Server 9 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CAN-2005-1625
Content of This Advisory: 1) Security Vulnerability Resolved: Buffer overflow in Acrobat Reader 5 Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information
___________________________________________________________________ ___________
1) Problem Description and Brief Discussion
This update fixes a buffer overflow in Acrobat Reader versions 5, where an attacker could execute code by providing a handcrafted PDF to the viewer.
The Acrobat Reader 5 versions of SUSE Linux 9.0 up to 9.2, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 were upgraded to Acrobat Reader 7.
Unfortunately this version upgrade introduces new dependencies. Please use the YaST module "Install or Remove Software" to check if there are new dependencies and install the required packages.
shouldn't that read "unfortunately acrobat reader 7 contains spyware" instead? bye, MH