[gentoo-announce] [ GLSA 201009-05 ] Adobe Reader: Multiple vulnerabilities

[news 28]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 201009-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Adobe Reader: Multiple vulnerabilities

Date: September 07, 2010

Bugs: #297385, #306429, #313343, #322857

ID: 201009-05

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities in Adobe Reader might result in the execution

of arbitrary code or other attacks.

 

Background

==========

 

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF

reader.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 app-text/acroread < 9.3.4 >= 9.3.4

 

Description

===========

 

Multiple vulnerabilities were discovered in Adobe Reader. For further

information please consult the CVE entries and the Adobe Security

Bulletins referenced below.

 

Impact

======

 

A remote attacker might entice a user to open a specially crafted PDF

file, possibly resulting in the execution of arbitrary code with the

privileges of the user running the application, or bypass intended

sandbox restrictions, make cross-domain requests, inject arbitrary web

script or HTML, or cause a Denial of Service condition.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Adobe Reader users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"

 

References

==========

 

[ 1 ] APSA10-01

http://www.adobe.com/support/security/advisories/apsa10-01.html

[ 2 ] APSB10-02

http://www.adobe.com/support/security/bulletins/apsb10-02.html

[ 3 ] APSB10-07

http://www.adobe.com/support/security/bulletins/apsb10-07.html

[ 4 ] APSB10-09

http://www.adobe.com/support/security/bulletins/apsb10-09.html

[ 5 ] APSB10-14

http://www.adobe.com/support/security/bulletins/apsb10-14.html

[ 6 ] APSB10-16

http://www.adobe.com/support/security/bulletins/apsb10-16.html

[ 7 ] CVE-2009-3953

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953

[ 8 ] CVE-2009-4324

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324

[ 9 ] CVE-2010-0186

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186

[ 10 ] CVE-2010-0188

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188

[ 11 ] CVE-2010-0190

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190

[ 12 ] CVE-2010-0191

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191

[ 13 ] CVE-2010-0192

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192

[ 14 ] CVE-2010-0193

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193

[ 15 ] CVE-2010-0194

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194

[ 16 ] CVE-2010-0195

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195

[ 17 ] CVE-2010-0196

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196

[ 18 ] CVE-2010-0197

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197

[ 19 ] CVE-2010-0198

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198

[ 20 ] CVE-2010-0199

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199

[ 21 ] CVE-2010-0201

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201

[ 22 ] CVE-2010-0202

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202

[ 23 ] CVE-2010-0203

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203

[ 24 ] CVE-2010-0204

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204

[ 25 ] CVE-2010-1241

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241

[ 26 ] CVE-2010-1285

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285

[ 27 ] CVE-2010-1295

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295

[ 28 ] CVE-2010-1297

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297

[ 29 ] CVE-2010-2168

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168

[ 30 ] CVE-2010-2201

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201

[ 31 ] CVE-2010-2202

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202

[ 32 ] CVE-2010-2203

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203

[ 33 ] CVE-2010-2204

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204

[ 34 ] CVE-2010-2205

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205

[ 35 ] CVE-2010-2206

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206

[ 36 ] CVE-2010-2207

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207

[ 37 ] CVE-2010-2208

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208

[ 38 ] CVE-2010-2209

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209

[ 39 ] CVE-2010-2210

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210

[ 40 ] CVE-2010-2211

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211

[ 41 ] CVE-2010-2212

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-201009-05.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2010 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5