Re: [suse-security-announce] SUSE Security Announcement: Acrobat Reader 5 buffer overflow (SUSE-SA:2005:042)
On Thursday, 14 July 2005 19:46, Marcus Meissner wrote:
Package: acroread 5
Announcement ID: SUSE-SA:2005:042
Date: Thu, 14 Jul 2005 15:00:00 +0000
Affected Products: 9.0, 9.1, 9.2
                   SUSE Linux Desktop 1
                   SUSE Linux Enterprise Server 8, 9
                   Novell Linux Desktop 9
                   Open Enterprise Server 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-1625

Content of This Advisory:
1) Security Vulnerability Resolved: Buffer overflow in Acrobat Reader 5
   Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
   See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
___________________________________________________________________ ___________
1) Problem Description and Brief Discussion
This update fixes a buffer overflow in Acrobat Reader versions 5, where an attacker could execute code by providing a handcrafted PDF to the viewer.
The Acrobat Reader 5 versions of SUSE Linux 9.0 up to 9.2, SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 were upgraded to Acrobat Reader 7.
Unfortunately this version upgrade introduces new dependencies. Please use the YaST module "Install or Remove Software" to check if there are new dependencies and install the required packages.
shouldn't that read "unfortunately acrobat reader 7 contains spyware" instead?
bye, MH
On Thursday, 14 July 2005 20:17, Mathias Homann wrote:
shouldn't that read "unfortunately acrobat reader 7 contains spyware" instead?
here's more about that: http://lwn.net/Articles/129729/
bye, MH
Mathias Homann wrote
shouldn't that read "unfortunately acrobat reader 7 contains spyware" instead?
That's long known and easy to fix. More problematic is the bug in the -toPostScript parameter that will refuse to produce correct postscript code for the last page of a multi-page file. Postscript files produced with the -toPostScript parameter are therefore completely unusable.
cu, Frank
--
Dipl.-Inform. Frank Steiner
Lehrstuhl f. Bioinformatik
LMU, Amalienstr. 17
80333 Muenchen, Germany
Web: http://www.bio.ifi.lmu.de/~steiner/
Mail: http://www.bio.ifi.lmu.de/~steiner/m/
Phone: +49 89 2180-4049
Fax: +49 89 2180-99-4049
* You can only understand recursion once you have understood recursion. *
On Thu, Jul 14, 2005 at 08:17:13PM +0200, Mathias Homann wrote:
On Thursday, 14 July 2005 19:46, Marcus Meissner wrote:
Package: acroread 5
Announcement ID: SUSE-SA:2005:042
Unfortunately this version upgrade introduces new dependencies. Please use the YaST module "Install or Remove Software" to check if there are new dependencies and install the required packages.
shouldn't that read "unfortunately acrobat reader 7 contains spyware" instead?
No, more like "unfortunately no opensource program has reached the viewing abilities of acrobat 7 yet, or we would have got rid of it already"
Ciao, Marcus