Gentoo Archives: gentoo-announce

From: Chris Reffett <creffett@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201308-03 ] Adobe Reader: Multiple vulnerabilities
Date: Thu, 22 Aug 2013 22:50:26
Message-Id: 52169527.1070501@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Adobe Reader: Multiple vulnerabilities
     Date: August 22, 2013
     Bugs: #431732, #451058, #469960
       ID: 201308-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.

Background
==========

Adobe Reader is a closed-source PDF reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread            < 9.5.5                    >= 9.5.5

Description
===========

Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in arbitrary code execution or a Denial of
Service condition. A local attacker could gain privileges via
unspecified vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References
==========

[ 1 ] CVE-2012-1525
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature