Summary: | <app-text/acroread-9.4.7 : Multiple Vulnerabilities (CVE-2011-{2130,2134,2135,2136,2137,2138,2139,2140,2414,2415,2416,2417,2424,2425,2431,2432,2433,2434,2435,2436,2437,2438,2439,2440,2441,2442}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dberkholz |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.adobe.com/support/security/bulletins/apsb11-24.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 393481 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2011-09-14 15:50:16 UTC
Note: Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.

CVE-2011-2442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442): Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."

CVE-2011-2441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441): Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2440 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440): Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439): Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."

CVE-2011-2438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438): Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2437 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437): Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.

CVE-2011-2436 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436): Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2435 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435): Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434): Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.

CVE-2011-2433 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433): Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.

CVE-2011-2432 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432): Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.

CVE-2011-2431 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431): Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."

-1353 is Windows only

Adobe has released 9.4.6 for UNIX. ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/ Please bump. Thanks!

For anyone interested, I put a 9.4.6 ebuild in the dberkholz overlay. Looks like they've only released English for now.

Just bumped to app-text/acroread-9.4.7 (English only, same as 9.4.6). It might be a good idea to fast-stabilize that (missing localization does not really count with that list of CVEs). Please ignore the repoman warning (there is no src_prepare, and just starting one for the sed call does not make sense).

Thank you. We will do stabilization in 393481.

Added to existing GLSA request.

Thanks everyone. Vulnerable version has been removed from the tree.

This issue was resolved and addressed in GLSA 201201-19 at http://security.gentoo.org/glsa/glsa-201201-19.xml by GLSA coordinator Alex Legler (a3li).

CVE-2011-4374 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4374): Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.