| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| <glsa id="201308-03"> |
| <title>Adobe Reader: Multiple vulnerabilities</title> |
| <synopsis>Multiple vulnerabilities have been found in Adobe Reader, including |
| potential remote execution of arbitrary code and local privilege |
| escalation. |
| </synopsis> |
| <product type="ebuild">Ebuild</product> |
| <announced>August 22, 2013</announced> |
| <revised>January 30, 2014: 2</revised> |
| <bug>431732</bug> |
| <bug>451058</bug> |
| <bug>469960</bug> |
| <access>local, remote</access> |
| <affected> |
| <package name="app-text/acroread" auto="yes" arch="*"> |
| <unaffected range="ge">9.5.5</unaffected> |
| <vulnerable range="lt">9.5.5</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p>Adobe Reader is a closed-source PDF reader.</p> |
| </background> |
| <description> |
| <p>Multiple vulnerabilities have been discovered in Adobe Reader. Please |
| review the CVE identifiers referenced below for details. |
| </p> |
| </description> |
| <impact type="high"> |
| <p>A remote attacker could entice a user to open a specially crafted PDF |
| file, possibly resulting in arbitrary code execution or a Denial of |
| Service condition. A local attacker could gain privileges via unspecified |
| vectors. |
| </p> |
| </impact> |
| <workaround> |
| <p>There is no known workaround at this time.</p> |
| </workaround> |
| <resolution> |
| <p>All Adobe Reader users should upgrade to the latest version:</p> |
| |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" |
| </code> |
| |
| </resolution> |
| <references> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525">CVE-2012-1525</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530">CVE-2012-1530</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049">CVE-2012-2049</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050">CVE-2012-2050</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051">CVE-2012-2051</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147">CVE-2012-4147</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148">CVE-2012-4148</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149">CVE-2012-4149</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150">CVE-2012-4150</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151">CVE-2012-4151</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152">CVE-2012-4152</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153">CVE-2012-4153</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154">CVE-2012-4154</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155">CVE-2012-4155</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156">CVE-2012-4156</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157">CVE-2012-4157</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158">CVE-2012-4158</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159">CVE-2012-4159</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160">CVE-2012-4160</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363">CVE-2012-4363</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601">CVE-2013-0601</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602">CVE-2013-0602</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603">CVE-2013-0603</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604">CVE-2013-0604</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605">CVE-2013-0605</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606">CVE-2013-0606</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607">CVE-2013-0607</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608">CVE-2013-0608</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609">CVE-2013-0609</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610">CVE-2013-0610</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611">CVE-2013-0611</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612">CVE-2013-0612</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613">CVE-2013-0613</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614">CVE-2013-0614</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615">CVE-2013-0615</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616">CVE-2013-0616</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617">CVE-2013-0617</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618">CVE-2013-0618</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619">CVE-2013-0619</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620">CVE-2013-0620</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621">CVE-2013-0621</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622">CVE-2013-0622</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623">CVE-2013-0623</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624">CVE-2013-0624</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626">CVE-2013-0626</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627">CVE-2013-0627</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640">CVE-2013-0640</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641">CVE-2013-0641</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549">CVE-2013-2549</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550">CVE-2013-2550</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718">CVE-2013-2718</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719">CVE-2013-2719</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720">CVE-2013-2720</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721">CVE-2013-2721</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722">CVE-2013-2722</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723">CVE-2013-2723</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724">CVE-2013-2724</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725">CVE-2013-2725</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726">CVE-2013-2726</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727">CVE-2013-2727</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729">CVE-2013-2729</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730">CVE-2013-2730</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731">CVE-2013-2731</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732">CVE-2013-2732</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733">CVE-2013-2733</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734">CVE-2013-2734</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735">CVE-2013-2735</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736">CVE-2013-2736</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737">CVE-2013-2737</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337">CVE-2013-3337</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338">CVE-2013-3338</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339">CVE-2013-3339</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340">CVE-2013-3340</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341">CVE-2013-3341</uri> |
| <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342">CVE-2013-3342</uri> |
| </references> |
| <metadata tag="requester" timestamp="Mon, 04 Mar 2013 23:42:51 +0000">ackle</metadata> |
| <metadata tag="submitter" timestamp="Thu, 30 Jan 2014 07:45:58 +0000"> |
| creffett |
| </metadata> |
| </glsa> |