Bugtraq mailing list archives
[ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities
From: Tim Sammut <underling () gentoo org>
Date: Fri, 21 Jan 2011 09:17:56 -0800
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201101-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Reader: Multiple vulnerabilities Date: January 21, 2011 Bugs: #336508, #343091 ID: 201101-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code. Background ========== Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.4.1 >= 9.4.1 Description =========== Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. Impact ====== A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1" References ========== [ 1 ] APSB10-21 http://www.adobe.com/support/security/bulletins/apsb10-21.html [ 2 ] APSB10-28 http://www.adobe.com/support/security/bulletins/apsb10-28.html [ 3 ] CVE-2010-2883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883 [ 4 ] CVE-2010-2884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884 [ 5 ] CVE-2010-2887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887 [ 6 ] CVE-2010-2889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889 [ 7 ] CVE-2010-2890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890 [ 8 ] CVE-2010-3619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619 [ 9 ] CVE-2010-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620 [ 10 ] CVE-2010-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621 [ 11 ] CVE-2010-3622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622 [ 12 ] CVE-2010-3625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625 [ 13 ] CVE-2010-3626 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626 [ 14 ] CVE-2010-3627 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627 [ 15 ] CVE-2010-3628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628 [ 16 ] CVE-2010-3629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629 [ 17 ] CVE-2010-3630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630 [ 18 ] CVE-2010-3632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632 [ 19 ] CVE-2010-3654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654 [ 20 ] CVE-2010-3656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656 [ 21 ] CVE-2010-3657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657 [ 22 ] CVE-2010-3658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658 [ 23 ] CVE-2010-4091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201101-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- [ GLSA 201101-08 ] Adobe Reader: Multiple vulnerabilities Tim Sammut (Jan 21)