Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 451058 (CVE-2012-1530)

Summary: <app-text/acroread-9.5.4: Multiple vulnerabilities (CVE-2012-1530,CVE-2013-{0601,0602,0603,0604,0605,0606,0607,0608,0609,0610,0611,0612,0613,0614,0615,0616,0617,0618,0619,0620,0621,0622,0623,0624,0626,0627,0640,0641})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.adobe.com/support/security/bulletins/apsb13-02.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-01-09 15:11:38 UTC 
A different bug than 431732 because the first has upstream status and this one has ebuild status

From $URL :

Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-01-16 00:04:03 UTC 
CVE-2013-0627 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627):
  Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x
  before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges
  via unknown vectors.

CVE-2013-0626 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626):
  Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3,
  10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2013-0610.

CVE-2013-0624 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to bypass intended access restrictions via
  unspecified vectors, a different vulnerability than CVE-2013-0622.

CVE-2013-0623 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605,
  CVE-2013-0616, CVE-2013-0619, and CVE-2013-0620.

CVE-2013-0622 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to bypass intended access restrictions via
  unspecified vectors, a different vulnerability than CVE-2013-0624.

CVE-2013-0621 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0606,
  CVE-2013-0612, CVE-2013-0615, and CVE-2013-0617.

CVE-2013-0620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605,
  CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623.

CVE-2013-0619 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605,
  CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623.

CVE-2013-0618 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code via unspecified
  vectors, related to a "logic error," a different vulnerability than
  CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614.

CVE-2013-0617 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0606,
  CVE-2013-0612, CVE-2013-0615, and CVE-2013-0621.

CVE-2013-0616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605,
  CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.

CVE-2013-0615 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0606,
  CVE-2013-0612, CVE-2013-0617, and CVE-2013-0621.

CVE-2013-0614 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code via unspecified
  vectors, related to a "logic error," a different vulnerability than
  CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618.

CVE-2013-0613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613):
  Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0609.

CVE-2013-0612 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0606,
  CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.

CVE-2013-0611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code via unspecified
  vectors, related to a "logic error," a different vulnerability than
  CVE-2013-0607, CVE-2013-0608, CVE-2013-0614, and CVE-2013-0618.

CVE-2013-0610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610):
  Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3,
  10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2013-0626.

CVE-2013-0609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609):
  Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0613.

CVE-2013-0608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code via unspecified
  vectors, related to a "logic error," a different vulnerability than
  CVE-2013-0607, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.

CVE-2013-0607 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code via unspecified
  vectors, related to a "logic error," a different vulnerability than
  CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.

CVE-2013-0606 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before
  10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-0612,
  CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.

CVE-2013-0605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0616,
  CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.

CVE-2013-0604 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604):
  Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3,
  10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2013-0603.

CVE-2013-0603 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603):
  Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3,
  10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute
  arbitrary code via unspecified vectors, a different vulnerability than
  CVE-2013-0604.

CVE-2013-0602 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602):
  Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3,
  10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2013-0601 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2012-1530, CVE-2013-0605, CVE-2013-0616,
  CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.

CVE-2012-1530 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530):
  Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x
  before 11.0.1 allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-0601, CVE-2013-0605, CVE-2013-0616,
  CVE-2013-0619, CVE-2013-0620, and CVE-2013-0623.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 23:28:23 UTC 
CVE-2013-0641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before
  10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary
  code via a crafted PDF document, as exploited in the wild in February 2013.

CVE-2013-0640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640):
  Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x
  before 11.0.02 allow remote attackers to execute arbitrary code or cause a
  denial of service (memory corruption) via a crafted PDF document, as
  exploited in the wild in February 2013.
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-04 23:42:59 UTC 
New GLSA request filed.
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2013-05-11 21:42:03 UTC 
No affected versions in the tree anymore.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-08-22 22:48:48 UTC 
This issue was resolved and addressed in
 GLSA 201308-03 at http://security.gentoo.org/glsa/glsa-201308-03.xml
by GLSA coordinator Chris Reffett (creffett).