SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0809-1
Rating:             important
References:         #819918 
Cross-References:   CVE-2013-2549 CVE-2013-2550 CVE-2013-2718
                    CVE-2013-2719 CVE-2013-2720 CVE-2013-2721
                    CVE-2013-2722 CVE-2013-2723 CVE-2013-2724
                    CVE-2013-2725 CVE-2013-2726 CVE-2013-2727
                    CVE-2013-2729 CVE-2013-2730 CVE-2013-2731
                    CVE-2013-2732 CVE-2013-2733 CVE-2013-2734
                    CVE-2013-2735 CVE-2013-2736 CVE-2013-2737
                    CVE-2013-3337 CVE-2013-3338 CVE-2013-3339
                    CVE-2013-3340 CVE-2013-3341 CVE-2013-3342
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.
   It includes two new package versions.

Description:


   Acrobat Reader has been updated to version 9.5.5.

   The Adobe Advisory can be found at:
   https://www.adobe.com/support/security/bulletins/apsb13-15.h
   tml
   <https://www.adobe.com/support/security/bulletins/apsb13-15.
   html>

   These updates resolve:

   *

   memory corruption vulnerabilities that could lead to
   code execution (CVE-2013-2718, CVE-2013-2719,
   CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723,
   CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,
   CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
   CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).

   *

   an integer underflow vulnerability that could lead to
   code execution (CVE-2013-2549).

   *

   a use-after-free vulnerability that could lead to a
   bypass of Adobe Reader's sandbox protection (CVE-2013-2550).

   *

   an information leakage issue involving a Javascript
   API (CVE-2013-2737).

   *

   a stack overflow vulnerability that could lead to
   code execution (CVE-2013-2724).

   *

   buffer overflow vulnerabilities that could lead to
   code execution (CVE-2013-2730, CVE-2013-2733).

   *

   integer overflow vulnerabilities that could lead to
   code execution (CVE-2013-2727, CVE-2013-2729).

   *

   a flaw in the way Reader handles domains that have
   been blacklisted in the operating system (CVE-2013-3342).

   Security Issue references:

   * CVE-2013-2549
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549
   >
   * CVE-2013-2550
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2550
   >
   * CVE-2013-2718
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2718
   >
   * CVE-2013-2719
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2719
   >
   * CVE-2013-2720
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2720
   >
   * CVE-2013-2721
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2721
   >
   * CVE-2013-2722
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2722
   >
   * CVE-2013-2723
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2723
   >
   * CVE-2013-2724
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2724
   >
   * CVE-2013-2725
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2725
   >
   * CVE-2013-2726
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2726
   >
   * CVE-2013-2727
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2727
   >
   * CVE-2013-2729
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729
   >
   * CVE-2013-2730
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2730
   >
   * CVE-2013-2731
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2731
   >
   * CVE-2013-2732
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2732
   >
   * CVE-2013-2733
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2733
   >
   * CVE-2013-2734
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2734
   >
   * CVE-2013-2735
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2735
   >
   * CVE-2013-2736
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2736
   >
   * CVE-2013-2737
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2737
   >
   * CVE-2013-3337
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3337
   >
   * CVE-2013-3338
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3338
   >
   * CVE-2013-3339
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3339
   >
   * CVE-2013-3340
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3340
   >
   * CVE-2013-3341
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3341
   >
   * CVE-2013-3342
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3342
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-acroread-7734

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch):

      acroread-cmaps-9.4.6-0.4.3.2
      acroread-fonts-ja-9.4.6-0.4.3.2
      acroread-fonts-ko-9.4.6-0.4.3.2
      acroread-fonts-zh_CN-9.4.6-0.4.3.2
      acroread-fonts-zh_TW-9.4.6-0.4.3.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]:

      acroread-9.5.5-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]:

      acroread-cmaps-9.4.6-0.6.63
      acroread-fonts-ja-9.4.6-0.6.63
      acroread-fonts-ko-9.4.6-0.6.63
      acroread-fonts-zh_CN-9.4.6-0.6.63
      acroread-fonts-zh_TW-9.4.6-0.6.63

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.5]:

      acroread-9.5.5-0.6.1


References:

   http://support.novell.com/security/cve/CVE-2013-2549.html
   http://support.novell.com/security/cve/CVE-2013-2550.html
   http://support.novell.com/security/cve/CVE-2013-2718.html
   http://support.novell.com/security/cve/CVE-2013-2719.html
   http://support.novell.com/security/cve/CVE-2013-2720.html
   http://support.novell.com/security/cve/CVE-2013-2721.html
   http://support.novell.com/security/cve/CVE-2013-2722.html
   http://support.novell.com/security/cve/CVE-2013-2723.html
   http://support.novell.com/security/cve/CVE-2013-2724.html
   http://support.novell.com/security/cve/CVE-2013-2725.html
   http://support.novell.com/security/cve/CVE-2013-2726.html
   http://support.novell.com/security/cve/CVE-2013-2727.html
   http://support.novell.com/security/cve/CVE-2013-2729.html
   http://support.novell.com/security/cve/CVE-2013-2730.html
   http://support.novell.com/security/cve/CVE-2013-2731.html
   http://support.novell.com/security/cve/CVE-2013-2732.html
   http://support.novell.com/security/cve/CVE-2013-2733.html
   http://support.novell.com/security/cve/CVE-2013-2734.html
   http://support.novell.com/security/cve/CVE-2013-2735.html
   http://support.novell.com/security/cve/CVE-2013-2736.html
   http://support.novell.com/security/cve/CVE-2013-2737.html
   http://support.novell.com/security/cve/CVE-2013-3337.html
   http://support.novell.com/security/cve/CVE-2013-3338.html
   http://support.novell.com/security/cve/CVE-2013-3339.html
   http://support.novell.com/security/cve/CVE-2013-3340.html
   http://support.novell.com/security/cve/CVE-2013-3341.html
   http://support.novell.com/security/cve/CVE-2013-3342.html
   https://bugzilla.novell.com/819918
   ?keywords=58cafced3fc6f05d61997a857a3e59ba
   ?keywords=771b7d069a8e369062487e3b94acb033

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org