Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201206-14 ] Adobe Reader: Multiple vulnerabilities
Date: Fri, 22 Jun 2012 11:11:16
Message-Id: 4FE45100.10705@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201206-14
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Adobe Reader: Multiple vulnerabilities
9 Date: June 22, 2012
10 Bugs: #405949, #411499
11 ID: 201206-14
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities in Adobe Reader might allow remote attackers
19 to execute arbitrary code or conduct various other attacks.
20
21 Background
22 ==========
23
24 Adobe Reader is a closed-source PDF reader.
25
26 Affected packages
27 =================
28
29 -------------------------------------------------------------------
30 Package / Vulnerable / Unaffected
31 -------------------------------------------------------------------
32 1 app-text/acroread < 9.5.1 >= 9.5.1
33
34 Description
35 ===========
36
37 Multiple vulnerabilities have been found in Adobe Reader, including an
38 integer overflow in TrueType Font handling (CVE-2012-0774) and multiple
39 unspecified errors which could cause memory corruption.
40
41 Impact
42 ======
43
44 A remote attacker could entice a user to open a specially crafted PDF
45 file, possibly resulting in execution of arbitrary code with the
46 privileges of the process or a Denial of Service condition.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All Adobe Reader users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2011-4370
65 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370
66 [ 2 ] CVE-2011-4371
67 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371
68 [ 3 ] CVE-2011-4372
69 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372
70 [ 4 ] CVE-2011-4373
71 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373
72 [ 5 ] CVE-2012-0774
73 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774
74 [ 6 ] CVE-2012-0775
75 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775
76 [ 7 ] CVE-2012-0776
77 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776
78 [ 8 ] CVE-2012-0777
79 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777
80
81 Availability
82 ============
83
84 This GLSA and any updates to it are available for viewing at
85 the Gentoo Security Website:
86
87 http://security.gentoo.org/glsa/glsa-201206-14.xml
88
89 Concerns?
90 =========
91
92 Security is a primary focus of Gentoo Linux and ensuring the
93 confidentiality and security of our users' machines is of utmost
94 importance to us. Any security concerns should be addressed to
95 security@g.o or alternatively, you may file a bug at
96 https://bugs.gentoo.org.
97
98 License
99 =======
100
101 Copyright 2012 Gentoo Foundation, Inc; referenced text
102 belongs to its owner(s).
103
104 The contents of this document are licensed under the
105 Creative Commons - Attribution / Share Alike license.
106
107 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups