GLSA 201308-03: Adobe Reader: Multiple vulnerabilities

Severity:	high
Title:	Adobe Reader: Multiple vulnerabilities
Date:	08/22/2013
Bugs:	#431732, #451058, #469960
ID:	201308-03

Synopsis

Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation.

Background

Adobe Reader is a closed-source PDF reader.

Affected packages

Package	Vulnerable	Unaffected	Architecture(s)
app-text/acroread	< 9.5.5	>= 9.5.5	All supported architectures

Description

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Reader users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
    

References

• CVE-2012-1525
• CVE-2012-1530
• CVE-2012-2049
• CVE-2012-2050
• CVE-2012-2051
• CVE-2012-4147
• CVE-2012-4148
• CVE-2012-4149
• CVE-2012-4150
• CVE-2012-4151
• CVE-2012-4152
• CVE-2012-4153
• CVE-2012-4154
• CVE-2012-4155
• CVE-2012-4156
• CVE-2012-4157
• CVE-2012-4158
• CVE-2012-4159
• CVE-2012-4160
• CVE-2012-4363
• CVE-2013-0601
• CVE-2013-0602
• CVE-2013-0603
• CVE-2013-0604
• CVE-2013-0605
• CVE-2013-0606
• CVE-2013-0607
• CVE-2013-0608
• CVE-2013-0609
• CVE-2013-0610
• CVE-2013-0611
• CVE-2013-0612
• CVE-2013-0613
• CVE-2013-0614
• CVE-2013-0615
• CVE-2013-0616
• CVE-2013-0617
• CVE-2013-0618
• CVE-2013-0619
• CVE-2013-0620
• CVE-2013-0621
• CVE-2013-0622
• CVE-2013-0623
• CVE-2013-0624
• CVE-2013-0626
• CVE-2013-0627
• CVE-2013-0640
• CVE-2013-0641
• CVE-2013-2549
• CVE-2013-2550
• CVE-2013-2718
• CVE-2013-2719
• CVE-2013-2720
• CVE-2013-2721
• CVE-2013-2722
• CVE-2013-2723
• CVE-2013-2724
• CVE-2013-2725
• CVE-2013-2726
• CVE-2013-2727
• CVE-2013-2729
• CVE-2013-2730
• CVE-2013-2731
• CVE-2013-2732
• CVE-2013-2733
• CVE-2013-2734
• CVE-2013-2735
• CVE-2013-2736
• CVE-2013-2737
• CVE-2013-3337
• CVE-2013-3338
• CVE-2013-3339
• CVE-2013-3340
• CVE-2013-3341
• CVE-2013-3342

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.