blob: 0b6dcc3bbb2bc72b5bf166293f5e33d124ca96a8 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200803-26">
<title>Adobe Acrobat Reader: Insecure temporary file creation</title>
An insecure temporary file creation vulnerability has been discovered in
Adobe Acrobat Reader.
<product type="ebuild">acroread</product>
<announced>March 18, 2008</announced>
<revised>March 18, 2008: 01</revised>
<package name="app-text/acroread" auto="yes" arch="*">
<unaffected range="ge">8.1.2-r1</unaffected>
<vulnerable range="lt">8.1.2-r1</vulnerable>
Acrobat Reader is a PDF reader released by Adobe.
SUSE reported that the "acroread" wrapper script does not create
temporary files in a secure manner when handling SSL certificates
<impact type="normal">
A local attacker could exploit this vulnerability to overwrite
arbitrary files via a symlink attack on temporary files.
There is no known workaround at this time.
All Adobe Acrobat Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/acroread-8.1.2-r1&quot;</code>
<uri link="">CVE-2008-0883</uri>
<metadata tag="requester" timestamp="Sun, 16 Mar 2008 13:19:39 +0000">
<metadata tag="submitter" timestamp="Mon, 17 Mar 2008 11:44:20 +0000">
<metadata tag="bugReady" timestamp="Tue, 18 Mar 2008 13:28:58 +0000">