| Summary: | <app-text/acroread-8.1.4 remote code execution (CVE-2009-{0193,0658,0927,0928,1061,1062}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | andrea.rizzolo, jdaluz, matsuu, phceac, printing |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.adobe.com/support/security/advisories/apsa09-01.html | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Behte (RETIRED)
NOTE: The vendor is in the process of fixing this issue and will release first fixes by March 11, 2009.

Updates are available for Windows now: http://www.adobe.com/support/security/bulletins/apsb09-04.html

"Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24."

CVE-2009-0927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0927): Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and 7.1.1 allows remote attackers to execute arbitrary code via unknown vectors related to a JavaScript method and input validation, a different vulnerability than CVE-2009-0658.

CVE-2009-0193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0193): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-1061 and CVE-2009-1062.

CVE-2009-0928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0928): Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table.

CVE-2009-1061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1061): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062.

CVE-2009-1062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1062): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1061.

Updates are released: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

app-text/acroread-{8.1.4, 9.1} are in CVS now. I'd suggest to stabilize 8.1.4 first since Adobe didn't release 9.1 for all languages yet.

Arches, please test and mark stable: =app-text/acroread-8.1.4 Target keywords : "amd64 x86"

amd64 stable

x86, ping

pong, x86 stable

GLSA request filed.

GLSA 200904-17.