| 1 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 2 |
Gentoo Linux Security Advisory GLSA 201009-05 |
| 3 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 4 |
http://security.gentoo.org/ |
| 5 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 6 |
|
| 7 |
Severity: Normal |
| 8 |
Title: Adobe Reader: Multiple vulnerabilities |
| 9 |
Date: September 07, 2010 |
| 10 |
Bugs: #297385, #306429, #313343, #322857 |
| 11 |
ID: 201009-05 |
| 12 |
|
| 13 |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| 14 |
|
| 15 |
Synopsis |
| 16 |
======== |
| 17 |
|
| 18 |
Multiple vulnerabilities in Adobe Reader might result in the execution |
| 19 |
of arbitrary code or other attacks. |
| 20 |
|
| 21 |
Background |
| 22 |
========== |
| 23 |
|
| 24 |
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF |
| 25 |
reader. |
| 26 |
|
| 27 |
Affected packages |
| 28 |
================= |
| 29 |
|
| 30 |
------------------------------------------------------------------- |
| 31 |
Package / Vulnerable / Unaffected |
| 32 |
------------------------------------------------------------------- |
| 33 |
1 app-text/acroread < 9.3.4 >= 9.3.4 |
| 34 |
|
| 35 |
Description |
| 36 |
=========== |
| 37 |
|
| 38 |
Multiple vulnerabilities were discovered in Adobe Reader. For further |
| 39 |
information please consult the CVE entries and the Adobe Security |
| 40 |
Bulletins referenced below. |
| 41 |
|
| 42 |
Impact |
| 43 |
====== |
| 44 |
|
| 45 |
A remote attacker might entice a user to open a specially crafted PDF |
| 46 |
file, possibly resulting in the execution of arbitrary code with the |
| 47 |
privileges of the user running the application, or bypass intended |
| 48 |
sandbox restrictions, make cross-domain requests, inject arbitrary web |
| 49 |
script or HTML, or cause a Denial of Service condition. |
| 50 |
|
| 51 |
Workaround |
| 52 |
========== |
| 53 |
|
| 54 |
There is no known workaround at this time. |
| 55 |
|
| 56 |
Resolution |
| 57 |
========== |
| 58 |
|
| 59 |
All Adobe Reader users should upgrade to the latest version: |
| 60 |
|
| 61 |
# emerge --sync |
| 62 |
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4" |
| 63 |
|
| 64 |
References |
| 65 |
========== |
| 66 |
|
| 67 |
[ 1 ] APSA10-01 |
| 68 |
http://www.adobe.com/support/security/advisories/apsa10-01.html |
| 69 |
[ 2 ] APSB10-02 |
| 70 |
http://www.adobe.com/support/security/bulletins/apsb10-02.html |
| 71 |
[ 3 ] APSB10-07 |
| 72 |
http://www.adobe.com/support/security/bulletins/apsb10-07.html |
| 73 |
[ 4 ] APSB10-09 |
| 74 |
http://www.adobe.com/support/security/bulletins/apsb10-09.html |
| 75 |
[ 5 ] APSB10-14 |
| 76 |
http://www.adobe.com/support/security/bulletins/apsb10-14.html |
| 77 |
[ 6 ] APSB10-16 |
| 78 |
http://www.adobe.com/support/security/bulletins/apsb10-16.html |
| 79 |
[ 7 ] CVE-2009-3953 |
| 80 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953 |
| 81 |
[ 8 ] CVE-2009-4324 |
| 82 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324 |
| 83 |
[ 9 ] CVE-2010-0186 |
| 84 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 |
| 85 |
[ 10 ] CVE-2010-0188 |
| 86 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 |
| 87 |
[ 11 ] CVE-2010-0190 |
| 88 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190 |
| 89 |
[ 12 ] CVE-2010-0191 |
| 90 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191 |
| 91 |
[ 13 ] CVE-2010-0192 |
| 92 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192 |
| 93 |
[ 14 ] CVE-2010-0193 |
| 94 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193 |
| 95 |
[ 15 ] CVE-2010-0194 |
| 96 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194 |
| 97 |
[ 16 ] CVE-2010-0195 |
| 98 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195 |
| 99 |
[ 17 ] CVE-2010-0196 |
| 100 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196 |
| 101 |
[ 18 ] CVE-2010-0197 |
| 102 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197 |
| 103 |
[ 19 ] CVE-2010-0198 |
| 104 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198 |
| 105 |
[ 20 ] CVE-2010-0199 |
| 106 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199 |
| 107 |
[ 21 ] CVE-2010-0201 |
| 108 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201 |
| 109 |
[ 22 ] CVE-2010-0202 |
| 110 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202 |
| 111 |
[ 23 ] CVE-2010-0203 |
| 112 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203 |
| 113 |
[ 24 ] CVE-2010-0204 |
| 114 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204 |
| 115 |
[ 25 ] CVE-2010-1241 |
| 116 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241 |
| 117 |
[ 26 ] CVE-2010-1285 |
| 118 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285 |
| 119 |
[ 27 ] CVE-2010-1295 |
| 120 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295 |
| 121 |
[ 28 ] CVE-2010-1297 |
| 122 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 |
| 123 |
[ 29 ] CVE-2010-2168 |
| 124 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168 |
| 125 |
[ 30 ] CVE-2010-2201 |
| 126 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201 |
| 127 |
[ 31 ] CVE-2010-2202 |
| 128 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202 |
| 129 |
[ 32 ] CVE-2010-2203 |
| 130 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203 |
| 131 |
[ 33 ] CVE-2010-2204 |
| 132 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204 |
| 133 |
[ 34 ] CVE-2010-2205 |
| 134 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205 |
| 135 |
[ 35 ] CVE-2010-2206 |
| 136 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206 |
| 137 |
[ 36 ] CVE-2010-2207 |
| 138 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207 |
| 139 |
[ 37 ] CVE-2010-2208 |
| 140 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208 |
| 141 |
[ 38 ] CVE-2010-2209 |
| 142 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209 |
| 143 |
[ 39 ] CVE-2010-2210 |
| 144 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210 |
| 145 |
[ 40 ] CVE-2010-2211 |
| 146 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211 |
| 147 |
[ 41 ] CVE-2010-2212 |
| 148 |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212 |
| 149 |
|
| 150 |
Availability |
| 151 |
============ |
| 152 |
|
| 153 |
This GLSA and any updates to it are available for viewing at |
| 154 |
the Gentoo Security Website: |
| 155 |
|
| 156 |
http://security.gentoo.org/glsa/glsa-201009-05.xml |
| 157 |
|
| 158 |
Concerns? |
| 159 |
========= |
| 160 |
|
| 161 |
Security is a primary focus of Gentoo Linux and ensuring the |
| 162 |
confidentiality and security of our users machines is of utmost |
| 163 |
importance to us. Any security concerns should be addressed to |
| 164 |
security@g.o or alternatively, you may file a bug at |
| 165 |
https://bugs.gentoo.org. |
| 166 |
|
| 167 |
License |
| 168 |
======= |
| 169 |
|
| 170 |
Copyright 2010 Gentoo Foundation, Inc; referenced text |
| 171 |
belongs to its owner(s). |
| 172 |
|
| 173 |
The contents of this document are licensed under the |
| 174 |
Creative Commons - Attribution / Share Alike license. |
| 175 |
|
| 176 |
http://creativecommons.org/licenses/by-sa/2.5 |
Archives