Sicherheit: Mehrere Probleme in Acrobat Reader

Lesezeichen hinzufügen

SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________

Announcement ID: SUSE-SU-2012:0522-1
Rating: important
References: #742126 #756574
Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777

Affected Products:
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now
available. It includes two new package versions.

Description:

Specially crafted PDF files could have caused a denial of
service or have lead to the execution of arbitrary code in
the context of the user running acroread:

* CVE-2012-0774, crafted fonts inside PDFs could allow
attackers to cause an integer overflow, resulting in the
possibility of arbitrary code execution
* CVE-2012-0775, CVE-2012-0777: an issue in acroread's
javascript API could allow attackers to cause a denial of
service or potentially execute arbitrary code

Security Issue references:

* CVE-2012-0774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0774
>
* CVE-2012-0775
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0775
>
* CVE-2012-0777
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0777
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP2:

zypper in -t patch sledsp1-acroread-6138

- SUSE Linux Enterprise Desktop 11 SP1:

zypper in -t patch sledsp1-acroread-6138

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 9.4.6]:

acroread-cmaps-9.4.6-0.4.2.3
acroread-fonts-ja-9.4.6-0.4.2.3
acroread-fonts-ko-9.4.6-0.4.2.3
acroread-fonts-zh_CN-9.4.6-0.4.2.3
acroread-fonts-zh_TW-9.4.6-0.4.2.3

- SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.1]:

acroread-9.5.1-0.2.1

- SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]:

acroread-cmaps-9.4.6-0.4.2.3
acroread-fonts-ja-9.4.6-0.4.2.3
acroread-fonts-ko-9.4.6-0.4.2.3
acroread-fonts-zh_CN-9.4.6-0.4.2.3
acroread-fonts-zh_TW-9.4.6-0.4.2.3

- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.5.1]:

acroread-9.5.1-0.2.1

References:

http://support.novell.com/security/cve/CVE-2012-0774.html
http://support.novell.com/security/cve/CVE-2012-0775.html
http://support.novell.com/security/cve/CVE-2012-0777.html
https://bugzilla.novell.com/742126
https://bugzilla.novell.com/756574
?keywords=d50fa4600ca02afa4a43a3170e58aa41

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org