Bug 768517 (CVE-2011-4369)

Summary: CVE-2011-4369 acroread: unspecified vulnerability in PRC component (APSB11-30)
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: urgent
Docs Contact:
Priority: urgent
Version: unspecified
CC: mkasik
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: acroread 9.4.7
Doc Type: Bug Fix
Last Closed: 2012-01-10 23:00:28 UTC
Type: ---
Bug Depends On: 772826, 772827, 772828    
Bug Blocks: 760915    

Description Vincent Danen 2011-12-16 21:21:11 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4369 to
the following vulnerability:

Name: CVE-2011-4369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4369
Assigned: 20111104
Reference: http://www.adobe.com/support/security/bulletins/apsb11-30.html

Unspecified vulnerability in the PRC component in Adobe Reader and
Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x
through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through
10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on
UNIX allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption) via unknown vectors, as
exploited in the wild in December 2011.

Comment 1 Tomas Hoger 2011-12-20 14:30:16 UTC
Quoting Adobe APSB11-30:

  An update to address these issues in Adobe Reader 9.x for UNIX is planned
  for January 10, 2012.

Comment 5 Vincent Danen 2012-01-10 21:51:16 UTC
Updated 9.4.7 packages are now available for Linux:

http://www.adobe.com/support/security/bulletins/apsb11-30.html

Comment 6 errata-xmlrpc 2012-01-10 22:57:25 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2012:0011 https://rhn.redhat.com/errata/RHSA-2012-0011.html