Bug 405949 (CVE-2011-4370)

Summary: <app-text/acroread-9.5.1: Multiple Vulnerabilities (CVE-2011-{4370,4371,4372,4373})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 411499    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2012-02-26 19:45:33 UTC
CVE-2011-4373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4370 and CVE-2011-4372.

CVE-2011-4372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4370 and CVE-2011-4373.

CVE-2011-4371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2011-4370 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4372 and CVE-2011-4373.


These most likely impact Acrobat Reader for Linux too, but we'll have to wait until the next scheduled release for Linux to make sure.
Comment 1 Agostino Sarubbo gentoo-dev 2012-04-13 09:12:18 UTC
glsa request filed
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2012-04-14 01:05:01 UTC
Vulnerable version removed from the tree. Thanks everyone!
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-06-22 11:04:00 UTC
This issue was resolved and addressed in
 GLSA 201206-14 at http://security.gentoo.org/glsa/glsa-201206-14.xml
by GLSA coordinator Sean Amoss (ackle).