Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-200910-03.xml
blob: f45671ba3774601b23a628e1c46cec74c84afcb2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200910-03">
  <title>Adobe Reader: Multiple vulnerabilities</title>
  <synopsis>
    Multiple vulnerabilities in Adobe Reader might result in the execution of
    arbitrary code, or other attacks.
  </synopsis>
  <product type="ebuild">acroread</product>
  <announced>2009-10-25</announced>
  <revised>2009-10-25: 01</revised>
  <bug>289016</bug>
  <access>remote</access>
  <affected>
    <package name="app-text/acroread" auto="yes" arch="*">
      <unaffected range="ge">9.2</unaffected>
      <vulnerable range="lt">9.2</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
    reader.
    </p>
  </background>
  <description>
    <p>
    Multiple vulnerabilities were discovered in Adobe Reader. For further
    information please consult the CVE entries and the Adobe Security
    Bulletin referenced below.
    </p>
  </description>
  <impact type="normal">
    <p>
    A remote attacker might entice a user to open a specially crafted PDF
    file, possibly resulting in the execution of arbitrary code with the
    privileges of the user running the application, Denial of Service, the
    creation of arbitrary files on the victim's system, "Trust Manager"
    bypass, or social engineering attacks.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All Adobe Reader users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.2"</code>
  </resolution>
  <references>
    <uri link="https://www.adobe.com/support/security/bulletins/apsb09-15.html">APSB09-15</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045">CVE-2007-0045</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048">CVE-2007-0048</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979">CVE-2009-2979</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980">CVE-2009-2980</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981">CVE-2009-2981</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982">CVE-2009-2982</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983">CVE-2009-2983</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985">CVE-2009-2985</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986">CVE-2009-2986</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988">CVE-2009-2988</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990">CVE-2009-2990</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991">CVE-2009-2991</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993">CVE-2009-2993</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994">CVE-2009-2994</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996">CVE-2009-2996</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997">CVE-2009-2997</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998">CVE-2009-2998</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431">CVE-2009-3431</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458">CVE-2009-3458</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459">CVE-2009-3459</uri>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462">CVE-2009-3462</uri>
  </references>
  <metadata tag="requester" timestamp="2009-10-24T18:48:21Z">
    keytoaster
  </metadata>
  <metadata tag="submitter" timestamp="2009-10-24T23:09:06Z">
    a3li
  </metadata>
  <metadata tag="bugReady" timestamp="2009-10-24T23:09:17Z">
    a3li
  </metadata>
</glsa>