Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0883 to the following vulnerability: acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling. Detailed descriptions with suggested solution: http://marc.info/?l=oss-security&m=120389711215086&w=2 References: http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html http://www.securityfocus.com/bid/28091 http://www.frsirt.com/english/advisories/2008/0765 http://secunia.com/advisories/29229
This problem only affects uncommonly used options of acroread startup script. This issue was rated as having low security impact and may be addressed in future Adobe Acrobat Reader reader as shipped in Red Hat Enterprise Linux Extras / Supplementary.
Upstream advisory for this issues: http://www.adobe.com/support/security/advisories/apsa08-02.html Fixed in upstream version 8.1.2_SU1 (Security Update 1): http://www.adobe.com/support/security/bulletins/apsb08-15.html
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2008-0641.html