Red Hat Bugzilla – Bug 720622
acroread: multiple code execution flaws (APSB11-16)
Last modified: 2016-11-08 11:06:20 EST
Adobe security bulletin APSB11-16 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader. http://www.adobe.com/support/security/bulletins/apsb11-16.html These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2094). These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2095). These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2096). These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2097). These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2098). These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2099). These updates resolve a cross document script execution vulnerability that could lead to code execution (CVE-2011-2101). Adobe Reader 9.x package updates for Linux operating system are expected on 13-th September, 2011.
The following flaws, corrected by APSB11-16: http://www.adobe.com/support/security/bulletins/apsb11-16.html are NOT applicable to Adobe Reader 9.x package for Linux operating system: * These updates resolve a DLL loading vulnerability that could lead to code execution (CVE-2011-2100). * These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-2103). Note: Affects 8.x versions only. * These updates resolve a memory corruption vulnerability that could lead to code execution (Macintosh only) (CVE-2011-2106).
Adobe APSB11-16 security bulletin is stating to correct also flaws from: 1) APSB11-12 - http://www.adobe.com/support/security/bulletins/apsb11-12.html These flaws have got dedicated Red Hat Bugzilla issue tracking system entry: [1] https://bugzilla.redhat.com/show_bug.cgi?id=APSB11-12 and flaw from 2) APSB11-13 - http://www.adobe.com/support/security/bulletins/apsb11-13.html This flaw have got a separate Red Hat Bugzilla issue tracking system record: [2] https://bugzilla.redhat.com/show_bug.cgi?id=APSB11-13
(In reply to comment #0) > Adobe Reader 9.x package updates for Linux operating system are expected on > 13-th September, 2011. The release date of upcoming upstream Adobe Reader 9.x update for Linux operating system has been moved to Monday, 7-th November, 2011.
This issue has been addressed in following products: Extras for RHEL 4 Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html (Adobe did not make clear, until today, that APSB11-16 was addressed in Adobe Reader 9.4.6; their bulletin was updated today to indicate that they were in fact addressed.)