Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 306429 (CVE-2010-0186) - <app-text/acroread-9.3.1 Multiple vulnerabilities (CVE-2010-{0186,0188})
Summary: <app-text/acroread-9.3.1 Multiple vulnerabilities (CVE-2010-{0186,0188})
Status: RESOLVED FIXED
Alias: CVE-2010-0186
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.adobe.com/support/security...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-22 20:24 UTC by Kevin Bryan
Modified: 2011-01-15 16:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin Bryan 2010-02-22 20:24:29 UTC
CVE-2010-0188, CVE-2010-0186

Version 9.3.1 contains the fixes.
Comment 1 Timo Gurr (RETIRED) gentoo-dev 2010-03-03 23:20:19 UTC
Adobe Reader 9.3.1 is in CVS now.
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-04 11:38:36 UTC
CVE-2010-0186 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0186):
  Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2,
  Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before
  8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended
  sandbox restrictions and make cross-domain requests via unspecified
  vectors.

Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-04 11:39:13 UTC
CVE-2010-0188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0188):
  Unspecified vulnerability in Adobe Reader and Acrobat 8.x before
  8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of
  service (application crash) or possibly execute arbitrary code via
  unknown vectors.

Comment 4 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-04 11:41:03 UTC
Arches, please test and mark stable:
=app-text/acroread-9.3.1
Target keywords : "amd64 x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-04 11:54:56 UTC
x86 stable
Comment 6 Pacho Ramos gentoo-dev 2010-03-05 19:27:10 UTC
amd64 stable
Comment 7 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-05 19:32:24 UTC
GLSA request filed.

Printing: Please remove any vulnerable ebuilds.
Comment 8 Timo Gurr (RETIRED) gentoo-dev 2010-03-07 01:39:32 UTC
(In reply to comment #7)
> Printing: Please remove any vulnerable ebuilds.

Done.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-01-15 16:27:20 UTC
This was GLSA 201009-05.