Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 306429 (CVE-2010-0186) - <app-text/acroread-9.3.1 Multiple vulnerabilities (CVE-2010-{0186,0188})
Summary: <app-text/acroread-9.3.1 Multiple vulnerabilities (CVE-2010-{0186,0188})
Status: RESOLVED FIXED
Alias: CVE-2010-0186
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.adobe.com/support/security...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-22 20:24 UTC by Kevin Bryan
Modified: 2011-01-15 16:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin Bryan 2010-02-22 20:24:29 UTC 
CVE-2010-0188, CVE-2010-0186

Version 9.3.1 contains the fixes.
Comment 1 Timo Gurr (RETIRED) gentoo-dev 2010-03-03 23:20:19 UTC 
Adobe Reader 9.3.1 is in CVS now.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 11:38:36 UTC 
CVE-2010-0186 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0186):
  Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2,
  Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before
  8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended
  sandbox restrictions and make cross-domain requests via unspecified
  vectors.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 11:39:13 UTC 
CVE-2010-0188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0188):
  Unspecified vulnerability in Adobe Reader and Acrobat 8.x before
  8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of
  service (application crash) or possibly execute arbitrary code via
  unknown vectors.
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-04 11:41:03 UTC 
Arches, please test and mark stable:
=app-text/acroread-9.3.1
Target keywords : "amd64 x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-04 11:54:56 UTC 
x86 stable
Comment 6 Pacho Ramos gentoo-dev 2010-03-05 19:27:10 UTC 
amd64 stable
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 19:32:24 UTC 
GLSA request filed.

Printing: Please remove any vulnerable ebuilds.
Comment 8 Timo Gurr (RETIRED) gentoo-dev 2010-03-07 01:39:32 UTC 
(In reply to comment #7)
> Printing: Please remove any vulnerable ebuilds.

Done.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-01-15 16:27:20 UTC 
This was GLSA 201009-05.