Summary: | <app-text/acroread-9.5.1 : Multiple vulnerabilities (CVE-2012-{0774,0775,0776,0777}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.adobe.com/support/security/bulletins/apsb12-08.html | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 405949 | | |

Description
Agostino Sarubbo
2012-04-10 18:25:24 UTC

@printing:

the advisory says 9.4.6 and earlier for Linux but is 9.4.7 not affected or you will bump 9.5.1? can you check please?

(In reply to comment #1)
> @printing:
>
> the advisory says 9.4.6 and earlier for linux but is 9.4.7 not affected or
> you will bump 9.5.1? can you check please?

It's pretty much unclear from the advisory. Anyway, I've bumped to 9.5.1, and recommend you test and stabilize. Seems to work fine here.

Ok, in any case 9.5.1 is unaffected and as upstream recommends I'd say to stabilize it.

@security: are you ok with this choice?

Yeah...

Arches, please test and mark stable:
=app-text/acroread-9.5.1
Target keywords : "amd64 x86"

x86 stable, thanks!

amd64 ok

CVE-2012-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777): The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2012-0776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776): The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.

CVE-2012-0775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775): The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2012-0774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.

amd64 stable

glsa request filed

Vulnerable version removed from the tree. Thanks everyone!

This issue was resolved and addressed in GLSA 201206-14 at http://security.gentoo.org/glsa/glsa-201206-14.xml by GLSA coordinator Sean Amoss (ackle).