Bug 297385 (CVE-2009-4324) - <app-text/acroread-9.3: code execution (CVE-2009-{3953,4324})
Summary: <app-text/acroread-9.3: code execution (CVE-2009-{3953,4324})
Alias: CVE-2009-4324
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Reported: 2009-12-18 02:19 UTC by Stefan Behte (RETIRED)
Modified: 2011-01-15 16:26 UTC

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-12-18 02:19:45 UTC
CVE-2009-4324:
  Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier
  has unknown impact and attack vectors, as exploited in the wild in
  December 2009.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-13 09:51:49 UTC
New version available, please provide an updated ebuild.
Comment 2 Timo Gurr (RETIRED) gentoo-dev 2010-01-15 15:57:25 UTC
Thanks, Adobe Reader 9.3 in CVS now.
Comment 3 Martin von Gagern 2010-01-15 21:03:36 UTC
mentions several CVEs: CVE-2009-{3953,3954,3955,3956,3957,3958,3959,4324}
Maybe you want to expand the Summary here, and mention them all in the GLSA?
Unless the others don't affect Acroread on Linux, that is. Haven't checked.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:03:57 UTC
These seem MacOSX and Windows only, sorry for the noise:

*PING* Printing, can this go stable? If so, please change to STABLEREQ and add arches directly.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:41:44 UTC
CVE-2009-3953:
  The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3,
  and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to
  execute arbitrary code via unspecified vectors, related to an "array
  boundary issue," a different vulnerability than CVE-2009-2994.

Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2010-02-07 10:18:23 UTC
x86 stable
Comment 7 Pacho Ramos gentoo-dev 2010-02-09 12:17:08 UTC
amd64 stable
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-09 16:51:49 UTC
GLSA: yes
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-01-15 16:26:51 UTC
This was GLSA 201009-05.