Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 313343 (CVE-2010-1241)

Summary: <app-text/acroread-9.3.2 arbitrary code execution (CVE-2010-{0190,0191,0192,0193,0194,0195,0196,0197,0198,0199,0201,0202,0203,0204,1241})
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: printing
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.adobe.com/support/security/bulletins/apsb10-09.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-04-06 04:04:03 UTC 
CVE-2010-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1241):
  The custom heap management system in Adobe Reader 9.3.1 allows remote
  attackers to execute arbitrary code or cause a denial of service
  (heap memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-09 16:53:27 UTC 
Adobe expects to make these quarterly updates available on April 13, 2010.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:03:08 UTC 
CVE-2010-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1241):
  The custom heap management system in Adobe Reader 9.3.1 allows remote
  attackers to execute arbitrary code or cause a denial of service
  (heap memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-14 08:31:42 UTC 
The new version is available, please bump ASAP!
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-19 13:34:07 UTC 
Printing, when do you plan to add an ebuild for this?
Comment 5 Timo Gurr (RETIRED) gentoo-dev 2010-04-19 14:07:33 UTC 
I'm going to add it later today.
Comment 6 Timo Gurr (RETIRED) gentoo-dev 2010-04-19 20:51:48 UTC 
acroread-9.3.2 in CVS now, thanks.
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-21 15:43:32 UTC 
rerating
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-21 17:00:30 UTC 
CVE-2010-0190 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0190):
  Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat
  9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X,
  allows remote attackers to inject arbitrary web script or HTML via
  unspecified vectors.

CVE-2010-0191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0191):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, allow attackers to execute arbitrary code via
  unspecified vectors, related to a "prefix protocol handler
  vulnerability."

CVE-2010-0192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0192):
  Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
  9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers
  to cause a denial of service or possibly execute arbitrary code via
  unknown vectors, a different vulnerability than CVE-2010-0193 and
  CVE-2010-0196.

CVE-2010-0193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0193):
  Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
  9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers
  to cause a denial of service or possibly execute arbitrary code via
  unknown vectors, a different vulnerability than CVE-2010-0192 and
  CVE-2010-0196.

CVE-2010-0194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0194):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, allow attackers to cause a denial of service
  (memory corruption) or execute arbitrary code via unspecified
  vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201,
  and CVE-2010-0204.

CVE-2010-0195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0195):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, do not properly handle fonts, which allows
  attackers to execute arbitrary code via unspecified vectors.

CVE-2010-0196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0196):
  Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
  9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers
  to cause a denial of service or possibly execute arbitrary code via
  unknown vectors, a different vulnerability than CVE-2010-0192 and
  CVE-2010-0193.

CVE-2010-0197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0197):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, allow attackers to cause a denial of service
  (memory corruption) or execute arbitrary code via unspecified
  vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201,
  and CVE-2010-0204.

CVE-2010-0198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0198):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x
  before 8.2.2 on Windows and Mac OS X, allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.

CVE-2010-0199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0199):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x
  before 8.2.2 on Windows and Mac OS X, allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.

CVE-2010-0201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0201):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, allow attackers to cause a denial of service
  (memory corruption) or execute arbitrary code via unspecified
  vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197,
  and CVE-2010-0204.

CVE-2010-0202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0202):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x
  before 8.2.2 on Windows and Mac OS X, allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.

CVE-2010-0203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0203):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x
  before 8.2.2 on Windows and Mac OS X, allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability
  than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.

CVE-2010-0204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0204):
  Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on
  Windows and Mac OS X, allow attackers to cause a denial of service
  (memory corruption) or execute arbitrary code via unspecified
  vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197,
  and CVE-2010-0201.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-31 11:03:55 UTC 
Arches, please test and mark stable:
=app-text/acroread-9.3.2
Target keywords : "amd64 x86"
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-05-31 13:44:27 UTC 
x86 stable
Comment 11 Markus Meier gentoo-dev 2010-05-31 19:46:06 UTC 
amd64 stable, all arches done.
Comment 12 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-01 21:58:34 UTC 
Thanks everyone, GLSA request filed.
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-01-15 16:27:35 UTC 
This was GLSA 201009-05.