Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 405949 (CVE-2011-4370) - <app-text/acroread-9.5.1: Multiple Vulnerabilities (CVE-2011-{4370,4371,4372,4373})
Summary: <app-text/acroread-9.5.1: Multiple Vulnerabilities (CVE-2011-{4370,4371,4372,...
Status: RESOLVED FIXED
Alias: CVE-2011-4370
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2012-0774
Blocks:
  Show dependency tree
 
Reported: 2012-02-26 19:45 UTC by GLSAMaker/CVETool Bot
Modified: 2012-06-22 11:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-02-26 19:45:33 UTC
CVE-2011-4373 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4370 and CVE-2011-4372.

CVE-2011-4372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4370 and CVE-2011-4373.

CVE-2011-4371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (heap memory corruption) via unspecified vectors.

CVE-2011-4370 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370):
  Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and
  Mac OS X allow attackers to execute arbitrary code or cause a denial of
  service (memory corruption) via unspecified vectors, a different
  vulnerability than CVE-2011-4372 and CVE-2011-4373.


These most likely impact acrobat reader for linux too, but we'll have to wait until the next scheduled release for linux to make sure.
Comment 1 Agostino Sarubbo gentoo-dev 2012-04-13 09:12:18 UTC
glsa request filed
Comment 2 Andreas K. Hüttel gentoo-dev 2012-04-14 01:05:01 UTC
Vulnerable version removed from the tree. Thanks everyone!
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-06-22 11:04:00 UTC
This issue was resolved and addressed in
 GLSA 201206-14 at http://security.gentoo.org/glsa/glsa-201206-14.xml
by GLSA coordinator Sean Amoss (ackle).