Bug 676157 - (CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0585, CVE-2011-0586, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0606) CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acroread: critical APSB11-03
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: urgent
Severity: urgent
Assigned To: Red Hat Product Security
public=20110208,reported=20110208,sou...
Keywords: Security
Depends On: 676161 676162 676163
Reported: 2011-02-08 18:16 EST by Vincent Danen
Modified: 2015-08-19 05:05 EDT
Doc Type: Bug Fix
Last Closed: 2015-06-04 10:32:39 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0301 normal SHIPPED_LIVE Critical: acroread security update 2011-02-23 16:17:46 EST

Description Vincent Danen 2011-02-08 18:16:13 EST
Adobe security bulletin APSB11-03 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader.

http://www.adobe.com/support/security/bulletins/apsb11-03.html

These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0562).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0563).

These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0565).

These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0566).

These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0567).

These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0570).

These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0585).

These updates resolve an input validation vulnerability that could lead to code execution (CVE-2011-0586).

These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0588).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0589).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0590).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0591).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0592).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0593).

These updates resolve a font parsing input validation vulnerability that could lead to code execution (CVE-2011-0594).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0595).

These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0596).

These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0598).

These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0599).

These updates resolve a 3D file parsing input validation vulnerability that could lead to code execution (CVE-2011-0600).

These updates resolve an image parsing input validation vulnerability that could lead to code execution (CVE-2011-0602).

These updates resolve an image-parsing memory corruption vulnerability that could lead to code execution (CVE-2011-0603).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0606).

These flaws were corrected in Adobe Reader 9.4.2.  The UNIX packages for Adobe Reader are expected the week of February 28th.


In addition, APSB11-03 also notes a flaw that was reported to have been fixed in APSB10-28 (where it was noted as a memory corruption vulnerability):

These updates resolve an input validation vulnerability that could lead to code execution (CVE-2010-4091).
Comment 2 Vincent Danen 2011-02-08 20:21:18 EST
Upstream responded and indicated that CVE-2010-4091 was resolved in Adobe Reader 9.4.1 (APSB10-28), and that APSB11-03 fully resolves the issue in 8.2.6 and 10.0.1.
Comment 4 Vincent Danen 2011-02-10 23:10:46 EST
CVE-2011-0570 and CVE-2011-0588 are Windows-specific and do not affect the UNIX platform.
Comment 5 Tomas Hoger 2011-02-23 02:58:22 EST
Updated version 9.4.2 is now available on Adobe FTP:
  ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.4.2/
Comment 6 errata-xmlrpc 2011-02-23 16:17:51 EST
This issue has been addressed in the following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0301 https://rhn.redhat.com/errata/RHSA-2011-0301.html
