Bug 848183 (CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160)
Summary: | acroread: multiple code execution flaw (APSB12-16) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | mkasik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-24 10:06:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 848188 |
Description
Vincent Danen
2012-08-14 20:36:52 UTC
Adobe has indicated that the next Adobe Reader for Linux will not be available for some time yet. As we cannot patch Reader in any way, we are constrained by the vendor's release schedule and as such will release updates as soon as they are made generally available. Also refer to: http://blogs.adobe.com/asset/2011/06/notes-on-adobe-reader-and-acrobat-10-1.html Specifically the "Support Model Change for Adobe Reader for Linux" which describes that Adobe will only release Reader for Linux updates twice a year (or every other quarterly release). The acroread packages in Red Hat Enterprise Linux 5 and 6 Supplementary were updated to the latest upstream version 9.5.3 via RHSA-2013:0150: https://rhn.redhat.com/errata/RHSA-2013-0150.html According to the Adobe blog post linked in comment #3, this update should contain fixes for all known security issues fixed in previous updates that only provided new Adobe Reader versions for Windows and Macintosh platforms. Even though upstream bulletin APSB12-16 did not get updated by Adobe to list Linux version 9.5.3 as fixing listed security issues, previous upstream statements indicate that should be assumed. Hence closing this. |