[gentoo-announce] [ GLSA 200901-09 ] Adobe Reader: User-assisted execution of arbitrary code

[news 28]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 200901-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Adobe Reader: User-assisted execution of arbitrary code

Date: January 13, 2009

Bugs: #225483

ID: 200901-09

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Adobe Reader is vulnerable to execution of arbitrary code.

 

Background

==========

 

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF

reader.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 app-text/acroread < 8.1.3 >= 8.1.3

 

Description

===========

 

* An unspecified vulnerability can be triggered by a malformed PDF

document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).

 

* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and

Greg MacManus reported a stack-based buffer overflow in the

util.printf JavaScript function that incorrectly handles the format

string argument (CVE-2008-2992).

 

* Greg MacManus of iDefense Labs reported an array index error that

can be leveraged for an out-of-bounds write, related to parsing of

Type 1 fonts (CVE-2008-4812).

 

* Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day

Initiative, reported multiple unspecified memory corruption

vulnerabilities (CVE-2008-4813).

 

* Thomas Garnier of SkyRecon Systems reported an unspecified

vulnerability in a JavaScript method, related to an "input validation

issue" (CVE-2008-4814).

 

* Josh Bressers of Red Hat reported an untrusted search path

vulnerability (CVE-2008-4815).

 

* Peter Vreugdenhil reported through iDefense that the Download

Manager can trigger a heap corruption via calls to the AcroJS

function (CVE-2008-4817).

 

Impact

======

 

A remote attacker could entice a user to open a specially crafted PDF

document, and local attackers could entice a user to run acroread from

an untrusted working directory. Both might result in the execution of

arbitrary code with the privileges of the user running the application,

or a Denial of Service.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Adobe Reader users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"

 

References

==========

 

[ 1 ] CVE-2008-2549

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549

[ 2 ] CVE-2008-2992

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992

[ 3 ] CVE-2008-4812

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812

[ 4 ] CVE-2008-4813

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813

[ 5 ] CVE-2008-4814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814

[ 6 ] CVE-2008-4815

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815

[ 7 ] CVE-2008-4817

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-200901-09.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

http://bugs.gentoo.org.

 

License

=======

 

Copyright 2009 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5