metadata/glsa/glsa-201308-03.xml - chromiumos/overlays/portage - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
 <glsa id="201308-03">
   <title>Adobe Reader: Multiple vulnerabilities</title>
   <synopsis>Multiple vulnerabilities have been found in Adobe Reader, including
     potential remote execution of arbitrary code and local privilege
     escalation.
   </synopsis>
   <product type="ebuild">Ebuild</product>
   <announced>August 22, 2013</announced>
   <revised>January 30, 2014: 2</revised>
   <bug>431732</bug>
   <bug>451058</bug>
   <bug>469960</bug>
   <access>local, remote</access>
   <affected>
     <package name="app-text/acroread" auto="yes" arch="*">
       <unaffected range="ge">9.5.5</unaffected>
       <vulnerable range="lt">9.5.5</vulnerable>
     </package>
   </affected>
   <background>
     <p>Adobe Reader is a closed-source PDF reader.</p>
   </background>
   <description>
     <p>Multiple vulnerabilities have been discovered in Adobe Reader. Please
       review the CVE identifiers referenced below for details.
     </p>
   </description>
   <impact type="high">
     <p>A remote attacker could entice a user to open a specially crafted PDF
       file, possibly resulting in arbitrary code execution or a Denial of
       Service condition. A local attacker could gain privileges via unspecified
       vectors.
     </p>
   </impact>
   <workaround>
     <p>There is no known workaround at this time.</p>
   </workaround>
   <resolution>
     <p>All Adobe Reader users should upgrade to the latest version:</p>

     <code>
       # emerge --sync
       # emerge --ask --oneshot --verbose "&gt;=app-text/acroread-9.5.5"
     </code>

   </resolution>
   <references>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525">CVE-2012-1525</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530">CVE-2012-1530</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049">CVE-2012-2049</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050">CVE-2012-2050</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051">CVE-2012-2051</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147">CVE-2012-4147</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148">CVE-2012-4148</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149">CVE-2012-4149</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150">CVE-2012-4150</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151">CVE-2012-4151</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152">CVE-2012-4152</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153">CVE-2012-4153</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154">CVE-2012-4154</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155">CVE-2012-4155</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156">CVE-2012-4156</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157">CVE-2012-4157</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158">CVE-2012-4158</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159">CVE-2012-4159</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160">CVE-2012-4160</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363">CVE-2012-4363</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601">CVE-2013-0601</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602">CVE-2013-0602</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603">CVE-2013-0603</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604">CVE-2013-0604</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605">CVE-2013-0605</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606">CVE-2013-0606</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607">CVE-2013-0607</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608">CVE-2013-0608</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609">CVE-2013-0609</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610">CVE-2013-0610</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611">CVE-2013-0611</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612">CVE-2013-0612</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613">CVE-2013-0613</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614">CVE-2013-0614</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615">CVE-2013-0615</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616">CVE-2013-0616</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617">CVE-2013-0617</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618">CVE-2013-0618</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619">CVE-2013-0619</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620">CVE-2013-0620</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621">CVE-2013-0621</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622">CVE-2013-0622</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623">CVE-2013-0623</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624">CVE-2013-0624</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626">CVE-2013-0626</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627">CVE-2013-0627</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640">CVE-2013-0640</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641">CVE-2013-0641</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549">CVE-2013-2549</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550">CVE-2013-2550</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718">CVE-2013-2718</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719">CVE-2013-2719</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720">CVE-2013-2720</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721">CVE-2013-2721</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722">CVE-2013-2722</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723">CVE-2013-2723</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724">CVE-2013-2724</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725">CVE-2013-2725</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726">CVE-2013-2726</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727">CVE-2013-2727</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729">CVE-2013-2729</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730">CVE-2013-2730</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731">CVE-2013-2731</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732">CVE-2013-2732</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733">CVE-2013-2733</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734">CVE-2013-2734</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735">CVE-2013-2735</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736">CVE-2013-2736</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737">CVE-2013-2737</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337">CVE-2013-3337</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338">CVE-2013-3338</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339">CVE-2013-3339</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340">CVE-2013-3340</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341">CVE-2013-3341</uri>
     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342">CVE-2013-3342</uri>
   </references>
   <metadata tag="requester" timestamp="Mon, 04 Mar 2013 23:42:51 +0000">ackle</metadata>
   <metadata tag="submitter" timestamp="Thu, 30 Jan 2014 07:45:58 +0000">
     creffett
   </metadata>
 </glsa>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
	<glsa id="201308-03">
	<title>Adobe Reader: Multiple vulnerabilities</title>
	<synopsis>Multiple vulnerabilities have been found in Adobe Reader, including
	potential remote execution of arbitrary code and local privilege
	escalation.
	</synopsis>
	<product type="ebuild">Ebuild</product>
	<announced>August 22, 2013</announced>
	<revised>January 30, 2014: 2</revised>
	<bug>431732</bug>
	<bug>451058</bug>
	<bug>469960</bug>
	<access>local, remote</access>
	<affected>
	<package name="app-text/acroread" auto="yes" arch="*">
	<unaffected range="ge">9.5.5</unaffected>
	<vulnerable range="lt">9.5.5</vulnerable>
	</package>
	</affected>
	<background>
	<p>Adobe Reader is a closed-source PDF reader.</p>
	</background>
	<description>
	<p>Multiple vulnerabilities have been discovered in Adobe Reader. Please
	review the CVE identifiers referenced below for details.
	</p>
	</description>
	<impact type="high">
	<p>A remote attacker could entice a user to open a specially crafted PDF
	file, possibly resulting in arbitrary code execution or a Denial of
	Service condition. A local attacker could gain privileges via unspecified
	vectors.
	</p>
	</impact>
	<workaround>
	<p>There is no known workaround at this time.</p>
	</workaround>
	<resolution>
	<p>All Adobe Reader users should upgrade to the latest version:</p>

	<code>
	# emerge --sync
	# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
	</code>

	</resolution>
	<references>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525">CVE-2012-1525</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530">CVE-2012-1530</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049">CVE-2012-2049</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050">CVE-2012-2050</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051">CVE-2012-2051</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147">CVE-2012-4147</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148">CVE-2012-4148</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149">CVE-2012-4149</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150">CVE-2012-4150</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151">CVE-2012-4151</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152">CVE-2012-4152</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153">CVE-2012-4153</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154">CVE-2012-4154</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155">CVE-2012-4155</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156">CVE-2012-4156</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157">CVE-2012-4157</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158">CVE-2012-4158</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159">CVE-2012-4159</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160">CVE-2012-4160</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363">CVE-2012-4363</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601">CVE-2013-0601</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602">CVE-2013-0602</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603">CVE-2013-0603</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604">CVE-2013-0604</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605">CVE-2013-0605</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606">CVE-2013-0606</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607">CVE-2013-0607</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608">CVE-2013-0608</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609">CVE-2013-0609</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610">CVE-2013-0610</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611">CVE-2013-0611</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612">CVE-2013-0612</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613">CVE-2013-0613</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614">CVE-2013-0614</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615">CVE-2013-0615</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616">CVE-2013-0616</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617">CVE-2013-0617</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618">CVE-2013-0618</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619">CVE-2013-0619</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620">CVE-2013-0620</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621">CVE-2013-0621</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622">CVE-2013-0622</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623">CVE-2013-0623</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624">CVE-2013-0624</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626">CVE-2013-0626</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627">CVE-2013-0627</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640">CVE-2013-0640</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641">CVE-2013-0641</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549">CVE-2013-2549</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550">CVE-2013-2550</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718">CVE-2013-2718</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719">CVE-2013-2719</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720">CVE-2013-2720</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721">CVE-2013-2721</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722">CVE-2013-2722</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723">CVE-2013-2723</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724">CVE-2013-2724</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725">CVE-2013-2725</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726">CVE-2013-2726</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727">CVE-2013-2727</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729">CVE-2013-2729</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730">CVE-2013-2730</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731">CVE-2013-2731</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732">CVE-2013-2732</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733">CVE-2013-2733</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734">CVE-2013-2734</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735">CVE-2013-2735</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736">CVE-2013-2736</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737">CVE-2013-2737</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337">CVE-2013-3337</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338">CVE-2013-3338</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339">CVE-2013-3339</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340">CVE-2013-3340</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341">CVE-2013-3341</uri>
	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342">CVE-2013-3342</uri>
	</references>
	<metadata tag="requester" timestamp="Mon, 04 Mar 2013 23:42:51 +0000">ackle</metadata>
	<metadata tag="submitter" timestamp="Thu, 30 Jan 2014 07:45:58 +0000">
	creffett
	</metadata>
	</glsa>