Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 469960 (CVE-2013-2549)

Summary: <app-text/acroread-9.5.5 : Multiple vulnerabilities (CVE-2013-{2549,2550,2718,2719,2720,2721,2722,2723,2724,2725,2726,2727,2729,2730,2731,2732,2733,2734,2735,2736,2737,3337,3338,3339,3340,3341,3342})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.adobe.com/support/security/bulletins/apsb13-15.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-05-15 13:15:32 UTC 
From ${URL} :

Security updates available for Adobe Reader and Acrobat

Release date: May 14, 2013

Vulnerability identifier: APSB13-15

Priority: See Table Below

CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, 
CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, 
CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, 
CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, 
CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342

* Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2013-07-07 17:05:39 UTC 
Just bumped. Please test and afterwards stabilize. 
Target: amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2013-07-07 19:18:16 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-07-07 19:18:35 UTC 
x86 stable
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2013-07-12 19:50:40 UTC 
All affected versions removed from tree.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-07-13 12:39:10 UTC 
CVE-2013-3342 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 do not properly handle operating-system domain blacklists,
  which has unspecified impact and attack vectors.

CVE-2013-3341 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
  CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.

CVE-2013-3340 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
  CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.

CVE-2013-3339 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
  CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-3338 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
  CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-3337 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2737 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737):
  A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before
  10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive
  information via unspecified vectors.

CVE-2013-2736 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2735 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2734 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before
  10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-2730.

CVE-2013-2732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2731, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2731 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2730 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730):
  Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before
  10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-2733.

CVE-2013-2729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729):
  Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before
  10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-2727.

CVE-2013-2727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727):
  Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before
  10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code
  via unspecified vectors, a different vulnerability than CVE-2013-2729.

CVE-2013-2726 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2724 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724):
  Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5,
  10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2013-2723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2721 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720,
  CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2720 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721,
  CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721,
  CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718):
  Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x
  before 11.0.03 allow attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,
  CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731,
  CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
  CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

CVE-2013-2550 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550):
  Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass
  the sandbox protection mechanism via unknown vectors, as demonstrated by
  George Hotz during a Pwn2Own competition at CanSecWest 2013.

CVE-2013-2549 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549):
  Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to
  execute arbitrary code via vectors related to a "break into the sandbox," as
  demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-08-22 22:48:50 UTC 
This issue was resolved and addressed in
 GLSA 201308-03 at http://security.gentoo.org/glsa/glsa-201308-03.xml
by GLSA coordinator Chris Reffett (creffett).