Re: Adobe Security Vulnerability and G.G applications Bob Beattie 25 Feb 2009 17:02 EST

This is a serious problem, and one that will occur when an agency is
dependent on a commercial system.  You must wait on them for a patch
if problems develop.   If you turn off Java Script, you cannot do
Adobe Forms.
Our IT people say to keep the Java Script and use caution when using
web sites.   Or turn off the Java Script and only use it when doing
G.g work.

See this
Computerworld article: "Hackers exploit unpatched Adobe Reader bug"
http://www.computerworld.com/action/article.do?
command=viewArticleBasic&articleId=9128278&intsrc=hm_list

and this
Adobe security bulletin: "Buffer overflow issue in versions 9.0 and
earlier of Adobe Reader and Acrobat"
http://www.adobe.com/support/security/advisories/apsa09-01.html

Bob
------------------------------
Robert Beattie
University of Michigan
xxxxxx@umich.edu   (734) 936-1283

On Feb 25, 2009, at 4:42 PM, Lipkin, Stuart wrote:

Hi All,

Maybe someone out there already knows the answer to this question -
so I thought I would post it here.  I didn't see any information on
the Grants.gov website - but I might have missed it.

Adobe has recently issues a security warning (http://www.adobe.com/
support/security/advisories/apsa09-01.html) for their product and
announced that they are planning a patch for it in mid-March.  One of
the suggested workarounds is to disable javascript in the product.
While Adobe says this will not mitigate the problem completely, but
is suggested as a temporary workaround.

I've received some questions about this from our users.  If people
decided to turn off JavaScript would this adversely impact their
ability to successfully complete G.G Adobe packages?

Thanks

Stu

This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information.  If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly
prohibited.

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================

======================================================================
 Instructions on how to use the RESADM-L Mailing List, including
 subscription information and a web-searchable archive, are available
 via our web site at http://www.hrinet.org (click on "Listserv Lists")
======================================================================