From: Mathias Homann (admineregion.de)
Date: Thu Jul 14 2005 - 13:17:13 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Donnerstag, 14. Juli 2005 19:46 schrieb Marcus Meissner:

> Package: acroread 5
> Announcement ID: SUSE-SA:2005:042
> Date: Thu, 14 Jul 2005 15:00:00 +0000
> Affected Products: 9.0, 9.1, 9.2
> SUSE Linux Desktop 1
> SUSE Linux Enterprise Server 8, 9
> Novell Linux Desktop 9
> Open Enterprise Server 9
> Vulnerability Type: remote code execution
> Severity (1-10): 8
> SUSE Default Package: yes
> Cross-References: CAN-2005-1625
>
> Content of This Advisory:
> 1) Security Vulnerability Resolved:
> Buffer overflow in Acrobat Reader 5
> Problem Description
> 2) Solution or Work-Around
> 3) Special Instructions and Notes
> 4) Package Location and Checksums
> 5) Pending Vulnerabilities, Solutions, and Work-Arounds:
> See SUSE Security Summary Report.
> 6) Authenticity Verification and Additional Information
>
> ___________________________________________________________________
>___________
>
> 1) Problem Description and Brief Discussion
>
> This update fixes a buffer overflow in Acrobat Reader versions
> 5, where an attacker could execute code by providing a handcrafted
> PDF to the viewer.
>
> The Acrobat Reader 5 versions of SUSE Linux 9.0 up to 9.2, SUSE
> Linux Enterprise Server 9 and Novell Linux Desktop 9 were
> upgraded to Acrobat Reader 7.
>
> Unfortunately this version upgrade introduces new dependencies.
> Please use the YaST module "Install or Remove Software" to check if
> there are new dependencies and install the required packages.

shouldn't that read "unfortunately acrobat reader 7 contains spyware"
instead?

bye,
        MH

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]