Re: acrobat reader

[Michael Lake <mikel@speleonics.com.au>]

Hi

Thanks Steve for those links. I have an O2 running IRIX 6.5 at work used 
for molecular modelling (typical uni setup - connected straight to net 
too). I didn't know of that of that vulnerability. Hence your reply was 
useful. I'll check it. Thanks

Steve Langasek wrote:
> On Mon, Mar 01, 2004 at 12:48:35PM +1100, Michael Lake wrote:
>
> > Steve Langasek wrote:
> >
> > > The Acrobat Reader software has serious security problems that Adobe has
> > > expressed a lack of interest in correcting.  It's recommended that you
> > > use xpdf instead, and report any bugs to the very responsive maintainer.
>
> > Can you provide some links/refs or brief description of the security 
> > problems? What are they? I understand that PostScript can contain virii 
> > as its a full programming language but PDF is less that that. What can 
> > it do thats nasty?
>
>
> A little googling turned up this reference to the Irix security advisory
> for the problem:
>
>   http://www.auscert.org.au/render.html?it=2311&cid=1
>
> At the time, attempts to persuade Adobe to release a fixed version of
> the software for Linux failed, and the license is sufficiently non-free
> that we couldn't fix the problem locally at the time (and can't
> distribute the software at all now, in any case).
>
> There's also http://bugs.debian.org/137997, a bug about static linking
> with a buggy zlib (which may have been fixed by Adobe since).
>
> Regards,



--
Mike Lake
Caver, Linux enthusiast and interested in anything technical.