Adobe security bulletin APSB11-24 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader.

http://www.adobe.com/support/security/bulletins/apsb11-24.html

These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431).

These updates resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).

These updates resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437).

These updates resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).

These updates resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).

These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440).

These updates resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442).

These updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21 and Security Bulletin APSB11-26.
Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.
This issue has been addressed in the following products:

Extras for RHEL 4
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:1434 https://rhn.redhat.com/errata/RHSA-2011-1434.html
Adobe has updated their bulletin APSB11-24 today with the following:

These updates resolve an integer overflow vulnerability that could lead to code execution (Adobe Reader 9.x on Linux only) (CVE-2011-4374).

This fix would already be in our already-released packages that provide 9.4.6.