- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Adobe Reader: Multiple vulnerabilities
      Date: September 07, 2010
      Bugs: #297385, #306429, #313343, #322857
        ID: 201009-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code or other attacks.

Background
=========
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.

Affected packages
================
    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread       < 9.3.4                          >= 9.3.4

Description
==========
Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.

Impact
=====
A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or bypass intended
sandbox restrictions, make cross-domain requests, inject arbitrary web
script or HTML, or cause a Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Adobe Reader users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"

References
=========
  [ 1 ] APSA10-01
        http://www.adobe.com/support/security/advisories/apsa10-01.html
  [ 2 ] APSB10-02
        http://www.adobe.com/support/security/bulletins/apsb10-02.html
  [ 3 ] APSB10-07
        http://www.adobe.com/support/security/bulletins/apsb10-07.html
  [ 4 ] APSB10-09
        http://www.adobe.com/support/security/bulletins/apsb10-09.html
  [ 5 ] APSB10-14
        http://www.adobe.com/support/security/bulletins/apsb10-14.html
  [ 6 ] APSB10-16
        http://www.adobe.com/support/security/bulletins/apsb10-16.html
  [ 7 ] CVE-2009-3953
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
  [ 8 ] CVE-2009-4324
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
  [ 9 ] CVE-2010-0186
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
  [ 10 ] CVE-2010-0188
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
  [ 11 ] CVE-2010-0190
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
  [ 12 ] CVE-2010-0191
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
  [ 13 ] CVE-2010-0192
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
  [ 14 ] CVE-2010-0193
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
  [ 15 ] CVE-2010-0194
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
  [ 16 ] CVE-2010-0195
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
  [ 17 ] CVE-2010-0196
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
  [ 18 ] CVE-2010-0197
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
  [ 19 ] CVE-2010-0198
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
  [ 20 ] CVE-2010-0199
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
  [ 21 ] CVE-2010-0201
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
  [ 22 ] CVE-2010-0202
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
  [ 23 ] CVE-2010-0203
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
  [ 24 ] CVE-2010-0204
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
  [ 25 ] CVE-2010-1241
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
  [ 26 ] CVE-2010-1285
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
  [ 27 ] CVE-2010-1295
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
  [ 28 ] CVE-2010-1297
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
  [ 29 ] CVE-2010-2168
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
  [ 30 ] CVE-2010-2201
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
  [ 31 ] CVE-2010-2202
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
  [ 32 ] CVE-2010-2203
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
  [ 33 ] CVE-2010-2204
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
  [ 34 ] CVE-2010-2205
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
  [ 35 ] CVE-2010-2206
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
  [ 36 ] CVE-2010-2207
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
  [ 37 ] CVE-2010-2208
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
  [ 38 ] CVE-2010-2209
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
  [ 39 ] CVE-2010-2210
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
  [ 40 ] CVE-2010-2211
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
  [ 41 ] CVE-2010-2212
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/glsa-201009-05.xml

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201009-05: Adobe Reader: Multiple vulnerabilities

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks.

Summary

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Resolution

All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"

References

[ 1 ] APSA10-01 http://www.adobe.com/support/security/advisories/apsa10-01.html [ 2 ] APSB10-02 http://www.adobe.com/support/security/bulletins/apsb10-02.html [ 3 ] APSB10-07 http://www.adobe.com/support/security/bulletins/apsb10-07.html [ 4 ] APSB10-09 http://www.adobe.com/support/security/bulletins/apsb10-09.html [ 5 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 6 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 7 ] CVE-2009-3953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953 [ 8 ] CVE-2009-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324 [ 9 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 10 ] CVE-2010-0188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 [ 11 ] CVE-2010-0190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190 [ 12 ] CVE-2010-0191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191 [ 13 ] CVE-2010-0192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192 [ 14 ] CVE-2010-0193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193 [ 15 ] CVE-2010-0194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194 [ 16 ] CVE-2010-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195 [ 17 ] CVE-2010-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196 [ 18 ] CVE-2010-0197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197 [ 19 ] CVE-2010-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198 [ 20 ] CVE-2010-0199 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199 [ 21 ] CVE-2010-0201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201 [ 22 ] CVE-2010-0202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202 [ 23 ] CVE-2010-0203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203 [ 24 ] CVE-2010-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204 [ 25 ] CVE-2010-1241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241 [ 26 ] CVE-2010-1285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285 [ 27 ] CVE-2010-1295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295 [ 28 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 29 ] CVE-2010-2168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168 [ 30 ] CVE-2010-2201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201 [ 31 ] CVE-2010-2202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202 [ 32 ] CVE-2010-2203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203 [ 33 ] CVE-2010-2204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204 [ 34 ] CVE-2010-2205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205 [ 35 ] CVE-2010-2206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206 [ 36 ] CVE-2010-2207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207 [ 37 ] CVE-2010-2208 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208 [ 38 ] CVE-2010-2209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209 [ 39 ] CVE-2010-2210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210 [ 40 ] CVE-2010-2211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211 [ 41 ] CVE-2010-2212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/glsa-201009-05.xml

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Issued Date: September 07, 2010
Bugs: #297385, #306429, #313343, #322857
ID: 201009-05

Synopsis

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks.

Background

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.3.4 >= 9.3.4

Impact

===== A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved