Adobe security bulletin APSB11-03 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader.

http://www.adobe.com/support/security/bulletins/apsb11-03.html

These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0562).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0563).
These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0565).
These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0566).
These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0567).
These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0570).
These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0585).
These updates resolve an input validation vulnerability that could lead to code execution (CVE-2011-0586).
These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0588).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0589).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0590).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0591).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0592).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0593).
These updates resolve a font parsing input validation vulnerability that could lead to code execution (CVE-2011-0594).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0595).
These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0596).
These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0598).
These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0599).
These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0600).
These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0602).
These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0603).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0606).

These flaws were corrected in Adobe Reader 9.4.2. The UNIX packages for Adobe Reader are expected the week of February 28th.

In addition, APSB11-03 also notes a flaw that was reported to have been fixed in APSB10-28 (where it was noted as a memory corruption vulnerability):

These updates resolve an input validation vulnerability that could lead to code execution (CVE-2010-4091).
Upstream responded and indicated that CVE-2010-4091 was resolved in Adobe Reader 9.4.1 (APSB10-28), and that APSB11-03 fully resolves the issue in 8.2.6 and 10.0.1.
CVE-2011-0570 and CVE-2011-0588 are Windows-specific and do not affect the UNIX platform.
Updated version 9.4.2 is now available on Adobe FTP: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.4.2/
This issue has been addressed in the following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0301 https://rhn.redhat.com/errata/RHSA-2011-0301.html