drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Adobe Reader
Name: |
Mehrere Probleme in Adobe Reader |
|
ID: |
201009-05 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mi, 8. September 2010, 07:37 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.adobe.com/support/security/bulletins/apsb10-07.html
http://www.adobe.com/support/security/bulletins/apsb10-09.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html
http://www.adobe.com/support/security/bulletins/apsb10-16.html |
|
Applikationen: |
Adobe Reader |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigF8B688A7237177D5669E7096 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201009-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Adobe Reader: Multiple vulnerabilities Date: September 07, 2010 Bugs: #297385, #306429, #313343, #322857 ID: 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks.
Background ==========
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.3.4 >= 9.3.4
Description ===========
Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.
Impact ======
A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References ==========
[ 1 ] APSA10-01 http://www.adobe.com/support/security/advisories/apsa10-01.html [ 2 ] APSB10-02 http://www.adobe.com/support/security/bulletins/apsb10-02.html [ 3 ] APSB10-07 http://www.adobe.com/support/security/bulletins/apsb10-07.html [ 4 ] APSB10-09 http://www.adobe.com/support/security/bulletins/apsb10-09.html [ 5 ] APSB10-14 http://www.adobe.com/support/security/bulletins/apsb10-14.html [ 6 ] APSB10-16 http://www.adobe.com/support/security/bulletins/apsb10-16.html [ 7 ] CVE-2009-3953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953 [ 8 ] CVE-2009-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324 [ 9 ] CVE-2010-0186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186 [ 10 ] CVE-2010-0188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188 [ 11 ] CVE-2010-0190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190 [ 12 ] CVE-2010-0191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191 [ 13 ] CVE-2010-0192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192 [ 14 ] CVE-2010-0193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193 [ 15 ] CVE-2010-0194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194 [ 16 ] CVE-2010-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195 [ 17 ] CVE-2010-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196 [ 18 ] CVE-2010-0197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197 [ 19 ] CVE-2010-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198 [ 20 ] CVE-2010-0199 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199 [ 21 ] CVE-2010-0201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201 [ 22 ] CVE-2010-0202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202 [ 23 ] CVE-2010-0203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203 [ 24 ] CVE-2010-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204 [ 25 ] CVE-2010-1241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241 [ 26 ] CVE-2010-1285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285 [ 27 ] CVE-2010-1295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295 [ 28 ] CVE-2010-1297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297 [ 29 ] CVE-2010-2168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168 [ 30 ] CVE-2010-2201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201 [ 31 ] CVE-2010-2202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202 [ 32 ] CVE-2010-2203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203 [ 33 ] CVE-2010-2204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204 [ 34 ] CVE-2010-2205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205 [ 35 ] CVE-2010-2206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206 [ 36 ] CVE-2010-2207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207 [ 37 ] CVE-2010-2208 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208 [ 38 ] CVE-2010-2209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209 [ 39 ] CVE-2010-2210 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210 [ 40 ] CVE-2010-2211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211 [ 41 ] CVE-2010-2212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------enigF8B688A7237177D5669E7096 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkyGj08ACgkQuiczp+KMe7SEkgCeJ2XG0W4UDurMTy7J1ts3W3Tp hqAAoInqGFqr49vNLaVCAmblej4Glz+p =DQHY -----END PGP SIGNATURE-----
--------------enigF8B688A7237177D5669E7096--
|
|
|
|