AdobeReader_sve providing libstdc++.so.6 - malicious?
Michael Schwendt
mschwendt at gmail.com
Thu May 27 22:00:16 UTC 2010
On Thu, 27 May 2010 22:01:09 +0100, Jonathan wrote:
> Hi,
>
> I just noticed that if I enable the adobe repository, the AdobeReader
> quickly gets pulled in when installing the flash plugin on a 64 bit
> machine, since it seems to be providing libstdc++.so.6. This just
> seems a little bit suspect to me.
>
> Eg. if I run
>
> yum -v install nspluginwrapper.x86_64 nspluginwrapper.i686
> alsa-plugins-pulseaudio.i686 libcurl.i686
>
> and then look at the output, I see
>
> --> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package:
> 1:cups-libs-1.4.3-6.fc13.i686
> Searching pkgSack for dep: libstdc++.so.6(CXXABI_1.3)
> TSINFO: Marking AdobeReader_sve-8.1.7-1.i486 as install for
> 1:cups-libs-1.4.3-6.fc13.i686
>
>
> It seems a little like Adobe is trying to install Reader via a
> backdoor dependency?
It's a packaging mistake in a package that hasn't seen much testing.
If they include local copies of libs like libstdc++, they ought to
filter the RPM Provides. They also provide several other libs, not
limited to libgcc_s.so.1
$ repoquery --provides AdobeReader_sve|grep ^lib|wc -l
59
$ repoquery --whatprovides 'libstdc++.so.6(CXXABI_1.3)'
AdobeReader_nor-0:8.1.7-1.i486
AdobeReader_ita-0:8.1.7-1.i486
AdobeReader_suo-0:8.1.7-1.i486
AdobeReader_kor-0:8.1.7-1.i486
AdobeReader_sve-0:8.1.7-1.i486
libstdc++-0:4.4.4-2.fc13.i686
AdobeReader_dan-0:8.1.7-1.i486
AdobeReader_ptb-0:8.1.7-1.i486
AdobeReader_chs-0:8.1.7-1.i486
AdobeReader_esp-0:8.1.7-1.i486
AdobeReader_nld-0:8.1.7-1.i486
AdobeReader_cht-0:8.1.7-1.i486
More information about the users
mailing list