Arr1val has discovered two vulnerabilities in Adobe Reader, which can be exploited by malicious people to potentially compromise a user's system.
Successful exploitation may allow execution of arbitrary code.
Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to
cause a denial of service (memory corruption) or execute arbitrary
code via a PDF file that contains an annotation, and has an
crafted integer arguments.
Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a
denial of service (memory corruption) or execute arbitrary code via a
PDF file that triggers a call to this method with a long string in
the second argument.
"We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009."
They have been released:
There are several new security issues:
Adobe states that updates for Linux will be available on 16th June; I'll take care of the bumps then (8.1.6/9.1.2).
Tarballs are available on the Adobe mirrors now; I've committed updated ebuilds (8.1.6/9.1.2).