Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0658 to the following vulnerability: Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call, as exploited in the wild in February 2009 by Trojan.Pidief.E. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658 http://isc.sans.org/diary.html?n&storyid=5902 http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2 http://www.adobe.com/support/security/advisories/apsa09-01.html http://www.securityfocus.com/bid/33751
Adobe's advisory: http://www.adobe.com/support/security/bulletins/apsb09-03.html Only Adobe Reader 9.1 is now available; for Linux 8.1.3 is still the latest version. The advisory also indicates: "Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25."
Updated versions of Adobe Reader 8.x and 7.x were released for Windows and Macintosh platform: http://www.adobe.com/support/security/bulletins/apsb09-04.html Planned release of updated packages for Unix / Linux was moved to March 24: "Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24."
Updates of 8.1.4 for Linux are now available: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
In addition to the iDefense issue, there are other JBIG2-related issues that the new Adobe advisory points out. http://www.adobe.com/support/security/bulletins/apsb09-04.html Details Critical vulnerabilities have been identified in Adobe Reader and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Acrobat and Adobe Reader update their product installations to versions 9.1, 8.1.4, or 7.1.1 using the instructions above to protect themselves from potential vulnerabilities. These updates resolve the JBIG2 filter buffer overflow issue from Security Advisory APSA09-01 and Security Bulletin APSB09-03 (CVE-2009-0658) Note: there are reports that this issue is being exploited These updates resolve additional JBIG2 input validation issues that could potentially lead to remote code execution. (CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062) The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)
This issue has been addressed in following products: Extras for RHEL 3 Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0376 https://rhn.redhat.com/errata/RHSA-2009-0376.html
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2009-0376.html