Bug 233383 (CVE-2008-2641)

Summary:	app-text/acroread <8.1.2-r3 Javascript input validation vulnerability (CVE-2008-2641)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	printing
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.adobe.com/support/security/bulletins/apsb08-15.html
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---

Description Robert Buchholz (RETIRED) gentoo-dev

2008-07-30 15:18:01 UTC

CVE-2008-2641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2641):
  Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and
  8.0 through 8.1.2, allows remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via unknown vectors,
  related to an "input validation issue in a JavaScript method."

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-07-30 15:20:48 UTC

For Unix: http://www.adobe.com/support/downloads/detail.jsp?ftpID=3992
...
July 17, 2008 – Bulletin updated to include information for Unix version

Note that we fixed CVE-2008-0883 via bug 212367 already, so this is only the CVE-2008-2641 flaw.

Comment 2 Timo Gurr (RETIRED) gentoo-dev

2008-08-01 18:09:47 UTC

Thanks for telling me that they released an updated version, fixed in acroread-8.1.2-r3 now.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-08-02 11:53:59 UTC

Arches, please test and mark stable:
=app-text/acroread-8.1.2-r3
Target keywords : "amd64 x86"

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2008-08-03 17:14:12 UTC

amd64 stable

Comment 5 Markus Ullmann (RETIRED) gentoo-dev

2008-08-03 21:09:54 UTC

x86 stable

Comment 6 Robert Buchholz (RETIRED) gentoo-dev

2008-08-09 22:44:23 UTC

GLSA 200808-10