Gentoo Archives: gentoo-announce

From: Alex Legler <a3li@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
Date: Sun, 25 Oct 2009 18:58:25
Message-Id: 20091025195623.4c2da44f@mail.netloc.info
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200910-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Date: October 25, 2009
Bugs: #289016
ID: 200910-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code, or other attacks.

Background
==========

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.

Affected packages
=================

-------------------------------------------------------------------
     Package            /   Vulnerable   /              Unaffected
-------------------------------------------------------------------
  1  app-text/acroread        < 9.2                         >= 9.2

Description
===========

Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletin referenced below.

Impact
======

A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, Denial of Service, the
creation of arbitrary files on the victim's system, "Trust Manager"
bypass, or social engineering attacks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/acroread-9.2

References
==========

[ 1 ] APSB09-15
      http://www.adobe.com/support/security/bulletins/apsb09-15.html
[ 2 ] CVE-2007-0045
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045
[ 3 ] CVE-2007-0048
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048
[ 4 ] CVE-2009-2979
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979
[ 5 ] CVE-2009-2980
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980
[ 6 ] CVE-2009-2981
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981
[ 7 ] CVE-2009-2982
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982
[ 8 ] CVE-2009-2983
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983
[ 9 ] CVE-2009-2985
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985
[ 10 ] CVE-2009-2986
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986
[ 11 ] CVE-2009-2988
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988
[ 12 ] CVE-2009-2990
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990
[ 13 ] CVE-2009-2991
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991
[ 14 ] CVE-2009-2993
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993
[ 15 ] CVE-2009-2994
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994
[ 16 ] CVE-2009-2996
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996
[ 17 ] CVE-2009-2997
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997
[ 18 ] CVE-2009-2998
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998
[ 19 ] CVE-2009-3431
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431
[ 20 ] CVE-2009-3458
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458
[ 21 ] CVE-2009-3459
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459
[ 22 ] CVE-2009-3462
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200910-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
