Bug 505049 - (CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028) acroread: multiple security fixes in version 8.1.6 (APSB09-07)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: urgent, Severity: urgent
Assigned To: Red Hat Product Security
Whiteboard: source=adobe,reported=20090608,public...
Keywords: Security
Depends On: 505062 505063 505064
Reported: 2009-06-10 09:56 EDT by Tomas Hoger
Modified: 2009-07-03 17:06 EDT

Last Closed: 2009-06-17 05:24:45 EDT
Description Tomas Hoger 2009-06-10 09:56:24 EDT
Adobe has published security bulletin APSB09-07 for security issues addressed in Adobe Reader and Acrobat products:

  http://www.adobe.com/support/security/bulletins/apsb09-07.html

Quoting Adobe bulletin APSB09-07 for issue descriptions:

  This update resolves a stack overflow vulnerability that could
  potentially lead to code execution (CVE-2009-1855).

  This update resolves an integer overflow that leads to a Denial of
  Service (DoS); arbitrary code execution has not been demonstrated,
  but may be possible (CVE-2009-1856).

  This update resolves a memory corruption vulnerability that leads
  to a Denial of Service (DoS); arbitrary code execution has not been
  demonstrated, but may be possible (CVE-2009-1857).

  This update resolves a memory corruption vulnerability in the JBIG2
  filter that could potentially lead to code execution (CVE-2009-1858).

  This update resolves a memory corruption vulnerability that could
  potentially lead to code execution (CVE-2009-1859).

  This update resolves a memory corruption vulnerability in the JBIG2
  filter that leads to a Denial of Service (DoS); arbitrary code
  execution has not been demonstrated, but may be possible (CVE-2009-0198).

  This update resolves multiple heap overflow vulnerabilities in the
  JBIG2 filter that could potentially lead to code execution
  (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512,
  CVE-2009-0888, CVE-2009-0889).

  This update resolves multiple heap overflow vulnerabilities that
  could potentially lead to code execution (CVE-2009-1861).

  Additionally, this update resolves Adobe internally discovered issues.

Security fixes are available in product version 9.1.2, 8.1.6, or 7.1.3, currently only available for Windows and Macintosh platforms; updates for UNIX platforms should be released on Jun 16.
Comment 2 Tomas Hoger 2009-06-11 11:39:24 EDT
An additional CVE has been assigned by Mitre - CVE-2009-2028:

Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7
before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe
Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack
vectors, related to "Adobe internally discovered issues."
Comment 4 errata-xmlrpc 2009-06-17 05:16:28 EDT
This issue has been addressed in the following products:

  Extras for RHEL 3
  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1109 https://rhn.redhat.com/errata/RHSA-2009-1109.html
