<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200910-03">
<title>Adobe Reader: Multiple vulnerabilities</title>
<synopsis>
Multiple vulnerabilities in Adobe Reader might result in the execution of
arbitrary code, or other attacks.
</synopsis>
<product type="ebuild">acroread</product>
<announced>October 25, 2009</announced>
<revised>October 25, 2009: 01</revised>
<bug>289016</bug>
<access>remote</access>
<affected>
<package name="app-text/acroread" auto="yes" arch="*">
<unaffected range="ge">9.2</unaffected>
<vulnerable range="lt">9.2</vulnerable>
</package>
</affected>
<background>
<p>
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.
</p>
</background>
<description>
<p>
Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletin referenced below.
</p>
</description>
<impact type="normal">
<p>
A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, Denial of Service, the
creation of arbitrary files on the victim's system, "Trust Manager"
bypass, or social engineering attacks.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Adobe Reader users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/acroread-9.2&quot;</code>
</resolution>
<references>
<uri link="http://www.adobe.com/support/security/bulletins/apsb09-15.html">APSB09-15</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045">CVE-2007-0045</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048">CVE-2007-0048</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979">CVE-2009-2979</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980">CVE-2009-2980</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981">CVE-2009-2981</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982">CVE-2009-2982</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983">CVE-2009-2983</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985">CVE-2009-2985</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986">CVE-2009-2986</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988">CVE-2009-2988</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990">CVE-2009-2990</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991">CVE-2009-2991</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993">CVE-2009-2993</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994">CVE-2009-2994</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996">CVE-2009-2996</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997">CVE-2009-2997</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998">CVE-2009-2998</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431">CVE-2009-3431</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458">CVE-2009-3458</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459">CVE-2009-3459</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462">CVE-2009-3462</uri>
</references>
<metadata tag="requester" timestamp="Sat, 24 Oct 2009 18:48:21 +0000">
keytoaster
</metadata>
<metadata tag="submitter" timestamp="Sat, 24 Oct 2009 23:09:06 +0000">
a3li
</metadata>
<metadata tag="bugReady" timestamp="Sat, 24 Oct 2009 23:09:17 +0000">
a3li
</metadata>
</glsa>