Bug 452632 (CVE-2008-2641)

Summary: CVE-2008-2641 acroread: input validation issue in a JavaScript method
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: jan.iven, kreilly, krh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-25 07:51:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 455834, 455835, 455837    
Bug Blocks:    

Description Tomas Hoger 2008-06-24 07:17:23 UTC 
Adobe released a security advisory APSB08-15 fixing critical issue in Adobre
Acrobat Reader:

  http://www.adobe.com/support/security/bulletins/apsb08-15.html

  A critical vulnerability has been identified in Adobe Reader and Acrobat
  8.1.2. This vulnerability would cause the application to crash and could
  potentially allow an attacker to take control of the affected system.

  Adobe recommends users of Acrobat 8 and Adobe Reader install the 8.1.2
  Security Update 1 patch.

  [ ... ]

  This update resolves an input validation issue in a JavaScript method that
  could potentially lead to remote code execution. (CVE-2008-2641)
Comment 1 Tomas Hoger 2008-06-24 07:18:52 UTC 
Adobe security advisory currently only lists Security Update 1 patch for Windows
and Macintosh versions of affected products.
Comment 3 Tomas Hoger 2008-07-18 07:16:02 UTC 
Now fixed in upstream version 8.1.2_SU1 (Security Update 1), also for Linux/Unix
platforms:
  http://www.adobe.com/support/security/bulletins/apsb08-15.html
Comment 4 Red Hat Product Security 2008-07-25 07:51:58 UTC 
This issue was addressed in:

Red Hat Enterprise Linux Extras:
  http://rhn.redhat.com/errata/RHSA-2008-0641.html