Bug 505049 (CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028) - acroread: multiple security fixes in version 8.1.6 (APSB09-07)
Summary: acroread: multiple security fixes in version 8.1.6 (APSB09-07)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 505062 505063 505064
Blocks:
Reported: 2009-06-10 13:56 UTC by Tomas Hoger
Modified: 2019-09-29 12:30 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-17 09:24:45 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2009:1109 | 0 | normal | SHIPPED_LIVE | Critical: acroread security update | 2009-06-17 09:16:25 UTC

Description Tomas Hoger 2009-06-10 13:56:24 UTC
Adobe has published a security bulletin APSB09-07 for security issues addressed in Adobe Reader and Acrobat products:

  http://www.adobe.com/support/security/bulletins/apsb09-07.html

Quoting Adobe bulletin APSB09-07 for issue descriptions:

  This update resolves a stack overflow vulnerability that could
  potentially lead to code execution (CVE-2009-1855).

  This update resolves an integer overflow that leads to a Denial of
  Service (DoS); arbitrary code execution has not been demonstrated,
  but may be possible (CVE-2009-1856).

  This update resolves a memory corruption vulnerability that leads
  to a Denial of Service (DoS); arbitrary code execution has not been
  demonstrated, but may be possible (CVE-2009-1857).

  This update resolves a memory corruption vulnerability in the JBIG2
  filter that could potentially lead to code execution (CVE-2009-1858).

  This update resolves a memory corruption vulnerability that could
  potentially lead to code execution (CVE-2009-1859).

  This update resolves a memory corruption vulnerability in the JBIG2
  filter that leads to a Denial of Service (DoS); arbitrary code
  execution has not been demonstrated, but may be possible (CVE-2009-0198).

  This update resolves multiple heap overflow vulnerabilities in the
  JBIG2 filter that could potentially lead to code execution
  (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512,
  CVE-2009-0888, CVE-2009-0889).

  This update resolves multiple heap overflow vulnerabilities that
  could potentially lead to code execution (CVE-2009-1861).

  Additionally, this update resolves Adobe internally discovered issues.

Security fixes are available in product version 9.1.2, 8.1.6, or 7.1.3, currently only available for Windows and Macintosh platforms; updates for UNIX platforms should be released on Jun 16.

Comment 2 Tomas Hoger 2009-06-11 15:39:24 UTC
An additional CVE has been assigned by Mitre - CVE-2009-2028:

Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7
before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe
Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack
vectors, related to "Adobe internally discovered issues."

Comment 4 errata-xmlrpc 2009-06-17 09:16:28 UTC
This issue has been addressed in the following products:

  Extras for RHEL 3
  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:1109 https://rhn.redhat.com/errata/RHSA-2009-1109.html
