Bug 810397 (CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373, CVE-2012-0774, CVE-2012-0775, CVE-2012-0777)
Summary: | CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08, APSB12-01) | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | urgent | Docs Contact: |
Priority: | urgent | |
Version: | unspecified | CC: | mkasik
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2012-04-10 22:18:44 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 811091, 811092, 811093, 811094 | |
Bug Blocks: | 797753 | |

Description
Vincent Danen
2012-04-05 20:53:39 UTC
Further details from the bulletin, updated today:

These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774).

These updates resolve a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775).

These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776).

These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).

This issue has been addressed in following products:

Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2012:0469 https://rhn.redhat.com/errata/RHSA-2012-0469.html

Adobe has updated APSB12-08 to note that it also addressed the flaws from APSB12-01 (for which there was no Linux release), in particular addressing CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, and CVE-2011-4373. These four CVEs have been addressed in Linux via APSB12-08.