Gentoo Bug 233383 - app-text/acroread <8.1.2-r3 Javascript input validation vulnerability (CVE-2008-2641)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	233383
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 233383 depends on:			Show dependency tree
Bug 233383 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-07-30 15:18 0000

CVE-2008-2641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2641):
  Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and
  8.0 through 8.1.2, allows remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via unknown vectors,
  related to an "input validation issue in a JavaScript method."

------- Comment #1 From Robert Buchholz 2008-07-30 15:20:48 0000 -------

For Unix: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3992
...
July 17, 2008 – Bulletin updated to include information for Unix version

Note that we fixed CVE-2008-0883 via bug 212367 already, so this is only the
CVE-2008-2641 flaw.

------- Comment #2 From Timo Gurr 2008-08-01 18:09:47 0000 -------

Thanks for telling me that they released an updated version, fixed in
acroread-8.1.2-r3 now.

------- Comment #3 From Robert Buchholz 2008-08-02 11:53:59 0000 -------

Arches, please test and mark stable:
=app-text/acroread-8.1.2-r3
Target keywords : "amd64 x86"

------- Comment #4 From Tobias Heinlein 2008-08-03 17:14:12 0000 -------

amd64 stable

------- Comment #5 From Markus Ullmann 2008-08-03 21:09:54 0000 -------

x86 stable

------- Comment #6 From Robert Buchholz 2008-08-09 22:44:23 0000 -------

GLSA 200808-10

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 233383

app-text/acroread <8.1.2-r3 Javascript input validation vulnerability (CVE-2008-2641)

Last modified: 2008-08-09 22:44:23 0000