Red Hat Enterprise Linux 4: RHSA-2011:0301-01 Critical: Acroread XSS Risk

red hat

February 23, 2011

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

Summary

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB11-03, listed in the References section.
A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0585, CVE-2011-0586, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0606)
Multiple security flaws were found in Adobe reader. A specially-crafted PDF file could cause cross-site scripting (XSS) attacks against the user running Adobe Reader when opened. (CVE-2011-0587, CVE-2011-0604)
All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.2, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

Topics Covered

security advisory security update critical risk assessment xss red hat enterprise acroread

References

https://access.redhat.com/security/cve/CVE-2011-0562 https://access.redhat.com/security/cve/CVE-2011-0563 https://access.redhat.com/security/cve/CVE-2011-0565 https://access.redhat.com/security/cve/CVE-2011-0566 https://access.redhat.com/security/cve/CVE-2011-0567 https://access.redhat.com/security/cve/CVE-2011-0585 https://access.redhat.com/security/cve/CVE-2011-0586 https://access.redhat.com/security/cve/CVE-2011-0587 https://access.redhat.com/security/cve/CVE-2011-0589 https://access.redhat.com/security/cve/CVE-2011-0590 https://access.redhat.com/security/cve/CVE-2011-0591 https://access.redhat.com/security/cve/CVE-2011-0592 https://access.redhat.com/security/cve/CVE-2011-0593 https://access.redhat.com/security/cve/CVE-2011-0594 https://access.redhat.com/security/cve/CVE-2011-0595 https://access.redhat.com/security/cve/CVE-2011-0596 https://access.redhat.com/security/cve/CVE-2011-0598 https://access.redhat.com/security/cve/CVE-2011-0599 https://access.redhat.com/security/cve/CVE-2011-0600 https://access.redhat.com/security/cve/CVE-2011-0602 https://access.redhat.com/security/cve/CVE-2011-0603 https://access.redhat.com/security/cve/CVE-2011-0604 https://access.redhat.com/security/cve/CVE-2011-0606 Read the Full Advisory

Package List

Red Hat Enterprise Linux AS version 4 Extras:
i386: acroread-9.4.2-1.el4.i386.rpm acroread-plugin-9.4.2-1.el4.i386.rpm
x86_64: acroread-9.4.2-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386: acroread-9.4.2-1.el4.i386.rpm acroread-plugin-9.4.2-1.el4.i386.rpm
x86_64: acroread-9.4.2-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: acroread-9.4.2-1.el4.i386.rpm acroread-plugin-9.4.2-1.el4.i386.rpm
x86_64: acroread-9.4.2-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: acroread-9.4.2-1.el4.i386.rpm acroread-plugin-9.4.2-1.el4.i386.rpm
x86_64: acroread-9.4.2-1.el4.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: acroread-9.4.2-1.el5.i386.rpm acroread-plugin-9.4.2-1.el5.i386.rpm
x86_64: acroread-9.4.2-1.el5.i386.rpm acroread-plugin-9.4.2-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: acroread-9.4.2-1.el5.i386.rpm acroread-plugin-9.4.2-1.el5.i386.rpm
x86_64: acroread-9.4.2-1.el5.i386.rpm acroread-plugin-9.4.2-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: acroread-9.4.2-3.el6_0.i686.rpm acroread-plugin-9.4.2-3.el6_0.i686.rpm
x86_64: acroread-9.4.2-3.el6_0.i686.rpm acroread-plugin-9.4.2-3.el6_0.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:

Read the Full Advisory

Severity

critical

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2011:0301-01

Product: Red Hat Enterprise Linux Extras

Advisory URL: https://access.redhat.com/errata/RHSA-2011:0301.html

Issue date: 2011-02-23

Topic

Updated acroread packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and Red Hat EnterpriseLinux 5 and 6 Supplementary.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,which give detailed severity ratings, are available for each vulnerabilityfrom the CVE links in the References section.

Topics Covered

security advisory security update critical risk assessment xss red hat enterprise acroread

Relevant Releases Architectures

Red Hat Desktop version 4 Extras - i386, x86_64

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64

Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64

Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

Bugs Fixed

676157 - CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acroread: critical APSB11-03

676158 - CVE-2011-0587 CVE-2011-0604 acroread: multiple XSS flaws (APSB11-03)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux 4: RHSA-2011:0301-01 Critical: Acroread XSS Risk

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux 4: RHSA-2011:0301-01 Critical: Acroread XSS Risk

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!