Bug 528659 (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3462)

Summary: acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: krh, mjc, mkasik, mmcallis, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-15 07:41:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 528074, 528075, 528076    
Bug Blocks:    

Description Jan Lieskovsky 2009-10-13 08:50:04 UTC
Adobe has published a security bulletin APSB09-15 for security issues,
leading to arbitrary code execution, addressed in Adobe Reader and Acrobat products:

  http://www.adobe.com/support/security/bulletins/apsb09-15.html

Quoting Adobe bulletin APSB09-15 for issues descriptions:

  This update resolves a third party web download product that Adobe Reader 
  uses that could potentially lead to code execution (CVE-2009-2564).

  This update resolves an integer overflow that leads to a Denial of Service 
  (DoS); arbitrary code execution has not been demonstrated, but may be 
  possible (CVE-2009-2980).

  This update resolves a memory corruption issue that leads to a Denial of 
  Service (DoS); arbitrary code execution has not been demonstrated, but
  may be possible (CVE-2009-2983).

  This update resolves a memory corruption issue that could potentially
  lead to code execution (CVE-2009-2985).

  This update resolves multiple heap overflow vulnerabilities that could   
  potentially lead to code execution (CVE-2009-2986).

  This update resolves an integer overflow that could potentially lead
  to code execution (CVE-2009-2989).

  This update resolves an invalid array index issue that could potentially 
  lead to code execution (CVE-2009-2990).

  This update resolves a remote exploitation issue specific to the Mozilla 
  plug-in that could potentially allow an attacker to execute arbitrary code 
  with the privileges of the current user (CVE-2009-2991).

  This update resolves multiple input validation vulnerabilities that
  could potentially lead to code execution (CVE-2009-2993).

  This update resolves a buffer overflow issue that could potentially lead to 
  code execution (CVE-2009-2994).

  This update resolves a memory corruption issue that leads to a Denial of
   Service (DoS); arbitrary code execution has not been demonstrated, but
   may be possible (CVE-2009-2996).

  This update resolves a heap overflow vulnerability that could potentially 
  lead to code execution (CVE-2009-2997).

  This update resolves an input validation issue that could potentially
  lead to code execution (CVE-2009-2998).

  This update resolves an input validation issue that could potentially lead 
  to code execution (CVE-2009-3458).

  This update resolves a memory corruption issue that could potentially
  lead to code execution (CVE-2009-3460).
    
  This update resolves a Unix-only format bug when running in Debug mode
  that could lead to arbitrary code execution (CVE-2009-3462).

Comment 4 Vincent Danen 2009-10-14 00:38:09 UTC
According to the bulletin, the following CVEs only affect Acrobat, not Reader:

This update resolves an integer overflow that could potentially lead to code execution. This issue is specific to Acrobat and does not affect Adobe Reader. (CVE-2009-2989).

This update resolves a memory corruption issue that could potentially lead to code execution. This issue is specific to Acrobat and does not affect Adobe Reader. (CVE-2009-3460).

Comment 5 Tomas Hoger 2009-10-14 07:30:43 UTC
CVE-2009-2564 is for a third-party component used by Windows installer:
  http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html

Comment 7 errata-xmlrpc 2009-10-14 15:36:34 UTC
This issue has been addressed in following products:

  Extras for RHEL 3
  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1499 https://rhn.redhat.com/errata/RHSA-2009-1499.html