drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Adobe Reader
Name: |
Mehrere Probleme in Adobe Reader |
|
ID: |
200907-06 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 12. Juli 2009, 19:51 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028 |
|
Applikationen: |
Adobe Reader |
|
Originalnachricht |
--nextPart1385349.EiWg2CThTm Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: Adobe Reader: User-assisted execution of arbitrary code Date: July 12, 2009 Bugs: #267846, #273908 ID: 200907-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Adobe Reader is vulnerable to remote code execution via crafted PDF files.
Background ==========
Adobe Reader is a PDF reader released by Adobe.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 8.1.6 >= 8.1.6
Description ===========
Multiple vulnerabilities have been reported in Adobe Reader:
* Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter (CVE-2009-0198).
* Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas Joly of VUPEN Security reported multiple heap-based buffer overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)
* Arr1val reported that multiple methods in the JavaScript API might lead to memory corruption when called with crafted arguments (CVE-2009-1492, CVE-2009-1493).
* An anonymous researcher reported a stack-based buffer overflow related to U3D model files with a crafted extension block (CVE-2009-1855).
* Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow related to the FlateDecode filter, which triggers a heap-based buffer overflow (CVE-2009-1856).
* Haifei Li of Fortinet's FortiGuard Global Security Research Team reported a memory corruption vulnerability related to TrueType fonts (CVE-2009-1857).
* The Apple Product Security Team reported a memory corruption vulnerability in the JBIG2 filter (CVE-2009-1858).
* Matthew Watchinski of Sourcefire VRT reported an unspecified memory corruption (CVE-2009-1859).
* Will Dormann of CERT reported multiple heap-based buffer overflows when processing JPX (aka JPEG2000) stream that trigger heap memory corruption (CVE-2009-1861).
* Multiple unspecified vulnerabilities have been discovered (CVE-2009-2028).
Impact ======
A remote attacker could entice a user to open a specially crafted document, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.6"
References ==========
[ 1 ] CVE-2009-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198 [ 2 ] CVE-2009-0509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509 [ 3 ] CVE-2009-0510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510 [ 4 ] CVE-2009-0511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511 [ 5 ] CVE-2009-0512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512 [ 6 ] CVE-2009-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888 [ 7 ] CVE-2009-0889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889 [ 8 ] CVE-2009-1492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492 [ 9 ] CVE-2009-1493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493 [ 10 ] CVE-2009-1855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855 [ 11 ] CVE-2009-1856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856 [ 12 ] CVE-2009-1857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857 [ 13 ] CVE-2009-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858 [ 14 ] CVE-2009-1859 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859 [ 15 ] CVE-2009-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861 [ 16 ] CVE-2009-2028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200907-06.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License =======
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--nextPart1385349.EiWg2CThTm Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux)
iQIcBAABCAAGBQJKWh/aAAoJECaaHo/OfoM5LNMP/RU03cBgnJ3YCl4IvzS+atGv iilTzCpoZ5stij57xzpXJ0hcBn/FuAR+lcviLWRysdH2oRg0CAiQuMxKUDP+/Iv6 IM4y7fc4osQPXKdj3TpPvoTAD3VyELCm7PDGkCdhQEnfmWdcf1KFRaEV5FXBw9Gz 22z1SequWTCcvUjGWqvAX+idpvZBF9zyhVGnfGri56S+wJexvUeNdP4X09Ao+s/s 1PgDess577IJIlBNKp9IPKD2gf2zAe6tq13EIf74UqZtjy6OmZBvnj5PEnjiw1s1 iyhKnrgH1VmK809aw9gqyiZ0uG0UPlMpflU1pK2zNeJW3aREjQMvWYYtAb5tfNDH Y2ykf4UE0JUhO2RD4W0cuQSTz6xZNreqtIFk3rdnbgM0LmlmhwkPMHFPg+QLDcTF zHtrSmA27NJOncJ6orZZv0j1fJ6LBC2lu5UH2X80JEETXiPEb5uO0802zf400LOm xPfYO+pdeqPtbP/4EfRVMdTVHLIY6J35rufxCo+0KOJTQpUEIaI822EPJXROwMVG Yv/+VaZqjeDtbNI3K8APX280xv8+bS8mTU9/MyTl1y6pq5YnxgQOtRF4q6J0KSSk XYB+DtDpKGZV8cOgR/NKlMMt6bddRiJ58so06mTWpTvFYbl/bbV7x942uMpX2jtX 8I1NxVsOlExdPh37VOl8 =0oRl -----END PGP SIGNATURE-----
--nextPart1385349.EiWg2CThTm--
|
|
|
|