<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

<glsa id="200910-03">
<title>Adobe Reader: Multiple vulnerabilities</title>
<synopsis>
Multiple vulnerabilities in Adobe Reader might result in the execution of
arbitrary code, or other attacks.
</synopsis>
<product type="ebuild">acroread</product>
<announced>October 25, 2009</announced>
<revised>October 25, 2009: 01</revised>
<bug>289016</bug>
<access>remote</access>
<affected>
<package name="app-text/acroread" auto="yes" arch="*">
<unaffected range="ge">9.2</unaffected>
<vulnerable range="lt">9.2</vulnerable>
</package>
</affected>
<background>
<p>
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.
</p>
</background>
<description>
<p>
Multiple vulnerabilities were discovered in Adobe Reader. For further
information please consult the CVE entries and the Adobe Security
Bulletin referenced below.
</p>
</description>
<impact type="normal">
<p>
A remote attacker might entice a user to open a specially crafted PDF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, Denial of Service, the
creation of arbitrary files on the victim's system, "Trust Manager"
bypass, or social engineering attacks.
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Adobe Reader users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.2"</code>
</resolution>
<references>
<uri link="http://www.adobe.com/support/security/bulletins/apsb09-15.html">APSB09-15</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045">CVE-2007-0045</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048">CVE-2007-0048</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979">CVE-2009-2979</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980">CVE-2009-2980</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981">CVE-2009-2981</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982">CVE-2009-2982</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983">CVE-2009-2983</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985">CVE-2009-2985</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986">CVE-2009-2986</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988">CVE-2009-2988</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990">CVE-2009-2990</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991">CVE-2009-2991</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993">CVE-2009-2993</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994">CVE-2009-2994</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996">CVE-2009-2996</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997">CVE-2009-2997</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998">CVE-2009-2998</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431">CVE-2009-3431</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458">CVE-2009-3458</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459">CVE-2009-3459</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462">CVE-2009-3462</uri>
</references>
<metadata tag="requester" timestamp="Sat, 24 Oct 2009 18:48:21 +0000">
keytoaster
</metadata>
<metadata tag="submitter" timestamp="Sat, 24 Oct 2009 23:09:06 +0000">
a3li
</metadata>
<metadata tag="bugReady" timestamp="Sat, 24 Oct 2009 23:09:17 +0000">
a3li
</metadata>
</glsa>