- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Adobe Reader: Multiple vulnerabilities
     Date: August 22, 2013
     Bugs: #431732, #451058, #469960
       ID: 201308-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.

Background
=========
Adobe Reader is a closed-source PDF reader.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread            < 9.5.5                    >= 9.5.5

Description
==========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in arbitrary code execution or a Denial of
Service condition. A local attacker could gain privileges via
unspecified vectors.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References
=========
[  1 ] CVE-2012-1525
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[  2 ] CVE-2012-1530
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[  3 ] CVE-2012-2049
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[  4 ] CVE-2012-2050
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[  5 ] CVE-2012-2051
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[  6 ] CVE-2012-4147
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[  7 ] CVE-2012-4148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[  8 ] CVE-2012-4149
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[  9 ] CVE-2012-4150
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201308-03

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201308-03: Adobe Reader: Multiple vulnerabilities

Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation

Summary

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details.

Resolution

All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References

[ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525 [ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530 [ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049 [ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050 [ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051 [ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147 [ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748 [ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149 [ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150 [ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151 [ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152 [ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153 [ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154 [ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155 [ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156 [ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157 [ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158 [ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159 [ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160 [ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363 [ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601 [ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602 [ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603 [ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604 [ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605 [ 26 ] CVE-2013-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606 [ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607 [ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608 [ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609 [ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610 [ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611 [ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612 [ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613 [ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614 [ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615 [ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616 [ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617 [ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618 [ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619 [ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620 [ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621 [ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622 [ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623 [ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624 [ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626 [ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627 [ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640 [ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641 [ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549 [ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550 [ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718 [ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719 [ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720 [ 54 ] CVE-2013-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721 [ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722 [ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723 [ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724 [ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725 [ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726 [ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727 [ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729 [ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730 [ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731 [ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732 [ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733 [ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734 [ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735 [ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736 [ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737 [ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337 [ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338 [ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339 [ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340 [ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341 [ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201308-03

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03

Synopsis

Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation.

Background

Adobe Reader is a closed-source PDF reader.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5

Impact

===== A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved