Summary
The remote host is missing updates announced in
advisory GLSA 200408-14.
Solution
All acroread users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=app-text/acroread-5.09'
# emerge '>=app-text/acroread-5.09'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-14 http://bugs.gentoo.org/show_bug.cgi?id=60205
http://idefense.com/application/poi/display?id=124&type=vulnerabilities http://idefense.com/application/poi/display?id=125&type=vulnerabilities
Insight
acroread contains two errors in the handling of UUEncoded filenames that may lead to execution of arbitrary code or programs.
Severity
Classification
-
CVE CVE-2004-0629, CVE-2004-0630, CVE-2004-0631 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities