Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 749381 - (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2442, CVE-2011-4374) acroread: multiple code execution flaws (APSB11-24)
acroread: multiple code execution flaws (APSB11-24)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,public=20110913,repor...
: Security
Depends On: 737587 737588 737589
Blocks: 751852
  Show dependency treegraph
 
Reported: 2011-10-26 17:11 EDT by Vincent Danen
Modified: 2012-01-18 18:25 EST (History)
1 user (show)

See Also:
Fixed In Version: acroread 9.4.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-01-18 18:25:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1434 normal SHIPPED_LIVE Critical: acroread security update 2011-11-08 11:13:47 EST

  None (edit)
Description Vincent Danen 2011-10-26 17:11:06 EDT 
Adobe security bulletin APSB11-24 describes multiple security flaws that can
lead to arbitrary code execution when a malicious PDF file is opened in Adobe
Reader.

http://www.adobe.com/support/security/bulletins/apsb11-24.html

These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431). 

These updates resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432). 

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433). 

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).

These updates resolve an buffer overflow vulnerability that could lead to code execution (CVE-2011-2435). 

These updates resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436). 

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437). 

These updates resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438). 

These updates resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439). 

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440). 

These updates resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442). 

These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21 and Security Bulletin APSB11-26.
Comment 1 Vincent Danen 2011-10-26 17:15:49 EDT 
Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.
Comment 2 errata-xmlrpc 2011-11-08 06:14:09 EST 
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html
Comment 3 Vincent Danen 2012-01-18 18:25:08 EST 
Adobe has updated their bulletin APSB11-24 today with the following:

These updates resolve an integer overflow vulnerability that could lead to code execution (Adobe Reader 9.x on Linux only) (CVE-2011-4374).  This fix would already be in our already-released packages that provide 9.4.6.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.