07-21-2008, 01:48 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2008:0641-02
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0641.html
Issue date: 2008-07-21
CVE Names: CVE-2008-0883 CVE-2008-2641
=====================================================================
1. Summary:
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
3. Description:
Adobe Acrobat Reader allows users to view and print documents in Portable
Document Format (PDF).
An input validation flaw was discovered in a JavaScript engine used by
Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash
or, potentially, execute arbitrary code as the user running Acrobat Reader.
(CVE-2008-2641)
An insecure temporary file usage issue was discovered in the Acrobat Reader
"acroread" startup script. A local attacker could potentially overwrite
arbitrary files that were writable by the user running Acrobat Reader, if
the victim ran "acroread" with certain command line arguments.
(CVE-2008-0883)
All acroread users are advised to upgrade to these updated packages, which
contain Acrobat Reader version 8.1.2 Security Update 1 and are not
vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
436263 - CVE-2008-0883 acroread: insecure handling of temporary files
452632 - CVE-2008-2641 acroread: input validation issue in a JavaScript method
6. Package List:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
acroread-8.1.2.SU1-2.i386.rpm
acroread-plugin-8.1.2.SU1-2.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
acroread-8.1.2.SU1-2.i386.rpm
acroread-plugin-8.1.2.SU1-2.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
acroread-8.1.2.SU1-2.i386.rpm
acroread-plugin-8.1.2.SU1-2.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
acroread-8.1.2.SU1-2.i386.rpm
acroread-plugin-8.1.2.SU1-2.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.i386.rpm
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-8.1.2.SU1-2.el4.i386.rpm
acroread-plugin-8.1.2.SU1-2.el4.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-8.1.2.SU1-2.el4.i386.rpm
acroread-plugin-8.1.2.SU1-2.el4.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-8.1.2.SU1-2.el4.i386.rpm
acroread-plugin-8.1.2.SU1-2.el4.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-8.1.2.SU1-2.el4.i386.rpm
acroread-plugin-8.1.2.SU1-2.el4.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el4.i386.rpm
RHEL Desktop Supplementary (v. 5 client):
i386:
acroread-8.1.2.SU1-2.el5.i386.rpm
acroread-plugin-8.1.2.SU1-2.el5.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el5.i386.rpm
acroread-plugin-8.1.2.SU1-2.el5.i386.rpm
RHEL Supplementary (v. 5 server):
i386:
acroread-8.1.2.SU1-2.el5.i386.rpm
acroread-plugin-8.1.2.SU1-2.el5.i386.rpm
x86_64:
acroread-8.1.2.SU1-2.el5.i386.rpm
acroread-plugin-8.1.2.SU1-2.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2641
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

11-12-2008, 04:32 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2008:0974-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0974.html
Issue date: 2008-11-12
CVE Names: CVE-2008-2549 CVE-2008-2992 CVE-2008-4812
CVE-2008-4813 CVE-2008-4814 CVE-2008-4815
CVE-2008-4817
=====================================================================
1. Summary:
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, which
contain Adobe Reader version 8.1.3 and are not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bugs fixed (http://bugzilla.redhat.com/):
450078 - CVE-2008-2549 acroread: crash and possible code execution
469875 - CVE-2008-4812 Adobe Reader: embedded font handling out-of-bounds array indexing
469876 - CVE-2008-4813 Adobe Reader: PDF objects parsing and JavaScript getCosObj handling memory corruption flaw
469877 - CVE-2008-2992 Adobe Reader: JavaScript util.printf() function buffer overflow
469880 - CVE-2008-4814 Adobe Reader: arbitrary code execution via unspecified JavaScript method
469882 - CVE-2008-4815 Adobe Reader: insecure RPATH flaw
469923 - CVE-2008-4817 Adobe Reader: Download Manager input validation flaw
6. Package List:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
acroread-8.1.3-1.i386.rpm
acroread-plugin-8.1.3-1.i386.rpm
x86_64:
acroread-8.1.3-1.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
acroread-8.1.3-1.i386.rpm
acroread-plugin-8.1.3-1.i386.rpm
x86_64:
acroread-8.1.3-1.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
acroread-8.1.3-1.i386.rpm
acroread-plugin-8.1.3-1.i386.rpm
x86_64:
acroread-8.1.3-1.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
acroread-8.1.3-1.i386.rpm
acroread-plugin-8.1.3-1.i386.rpm
x86_64:
acroread-8.1.3-1.i386.rpm
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-8.1.3-1.el4.i386.rpm
acroread-plugin-8.1.3-1.el4.i386.rpm
x86_64:
acroread-8.1.3-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-8.1.3-1.el4.i386.rpm
acroread-plugin-8.1.3-1.el4.i386.rpm
x86_64:
acroread-8.1.3-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-8.1.3-1.el4.i386.rpm
acroread-plugin-8.1.3-1.el4.i386.rpm
x86_64:
acroread-8.1.3-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-8.1.3-1.el4.i386.rpm
acroread-plugin-8.1.3-1.el4.i386.rpm
x86_64:
acroread-8.1.3-1.el4.i386.rpm
RHEL Desktop Supplementary (v. 5 client):
i386:
acroread-8.1.3-1.el5.i386.rpm
acroread-plugin-8.1.3-1.el5.i386.rpm
x86_64:
acroread-8.1.3-1.el5.i386.rpm
acroread-plugin-8.1.3-1.el5.i386.rpm
RHEL Supplementary (v. 5 server):
i386:
acroread-8.1.3-1.el5.i386.rpm
acroread-plugin-8.1.3-1.el5.i386.rpm
x86_64:
acroread-8.1.3-1.el5.i386.rpm
acroread-plugin-8.1.3-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2008 Red Hat, Inc.
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
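
The insecure relative RPATH issue described in the advisory above (CVE-2008-4815) can be audited for on any ELF binary. The following is an added example, not part of the advisory or of Red Hat's tooling: it parses the output of `readelf -d` and flags RPATH/RUNPATH entries that resolve against the current working directory. The sample output and the path /opt/reader/lib are constructed for illustration and are not the values from the affected acroread binary.

```python
import re

# Rows of interest in `readelf -d <binary>` output look like:
#  0x0000000f (RPATH)     Library rpath: [/usr/lib]
#  0x0000001d (RUNPATH)   Library runpath: [$ORIGIN/../lib]
_DYN_ROW = re.compile(
    r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]"
)


def classify_entry(entry):
    """Classify one colon-separated library search path entry."""
    if entry == "":
        # An empty component (leading, trailing or doubled ':') is read
        # by the glibc loader as the current directory.
        return "cwd"
    if entry.startswith("/"):
        return "absolute"
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        # Resolved relative to the binary's own location, not the cwd.
        return "origin"
    # Anything else ("lib", "../lib", "./x") is resolved against the
    # directory the user happened to start the program from.
    return "relative"


def audit_dynamic_section(readelf_output):
    """Return (tag, entry, verdict) for every cwd-dependent entry."""
    findings = []
    for line in readelf_output.splitlines():
        match = _DYN_ROW.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for entry in value.split(":"):
            verdict = classify_entry(entry)
            if verdict in ("cwd", "relative"):
                findings.append((tag, entry, verdict))
    return findings


# Constructed sample of `readelf -d` output with a mixed search path.
SAMPLE_RISKY = """\
Dynamic section at offset 0x2e08 contains 27 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000f (RPATH)                      Library rpath: [../lib:/opt/reader/lib::$ORIGIN/plugins]
"""

# Constructed sample with only absolute and $ORIGIN-based entries.
SAMPLE_CLEAN = """\
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000001d (RUNPATH)                    Library runpath: [/opt/reader/lib:$ORIGIN/plugins]
"""

if __name__ == "__main__":
    for tag, entry, verdict in audit_dynamic_section(SAMPLE_RISKY):
        print(f"{tag}: {entry!r} is {verdict}-relative; libraries may load "
              "from an untrusted directory")
```

To audit an installed binary, pass the text printed by `readelf -d` for that file to audit_dynamic_section(); an empty result means no cwd-dependent search path entry was found.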

03-25-2009, 01:03 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2009:0376-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0376.html
Issue date: 2009-03-25
CVE Names: CVE-2009-0193 CVE-2009-0658 CVE-2009-0928
CVE-2009-1061 CVE-2009-1062
=====================================================================
1. Summary:
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Multiple input validation flaws were discovered in the JBIG2 compressed
images decoder used by Adobe Reader. A malicious PDF file could cause Adobe
Reader to crash or, potentially, execute arbitrary code as the user running
Adobe Reader. (CVE-2009-0193, CVE-2009-0658, CVE-2009-0928, CVE-2009-1061,
CVE-2009-1062)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 8.1.4, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
486928 - CVE-2009-0658, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 acroread: multiple JBIG2-related security flaws
6. Package List:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
acroread-8.1.4-1.i386.rpm
acroread-plugin-8.1.4-1.i386.rpm
x86_64:
acroread-8.1.4-1.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
acroread-8.1.4-1.i386.rpm
acroread-plugin-8.1.4-1.i386.rpm
x86_64:
acroread-8.1.4-1.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
acroread-8.1.4-1.i386.rpm
acroread-plugin-8.1.4-1.i386.rpm
x86_64:
acroread-8.1.4-1.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
acroread-8.1.4-1.i386.rpm
acroread-plugin-8.1.4-1.i386.rpm
x86_64:
acroread-8.1.4-1.i386.rpm
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-8.1.4-1.el4.i386.rpm
acroread-plugin-8.1.4-1.el4.i386.rpm
x86_64:
acroread-8.1.4-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-8.1.4-1.el4.i386.rpm
acroread-plugin-8.1.4-1.el4.i386.rpm
x86_64:
acroread-8.1.4-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-8.1.4-1.el4.i386.rpm
acroread-plugin-8.1.4-1.el4.i386.rpm
x86_64:
acroread-8.1.4-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-8.1.4-1.el4.i386.rpm
acroread-plugin-8.1.4-1.el4.i386.rpm
x86_64:
acroread-8.1.4-1.el4.i386.rpm
RHEL Desktop Supplementary (v. 5 client):
i386:
acroread-8.1.4-1.el5.i386.rpm
acroread-plugin-8.1.4-1.el5.i386.rpm
x86_64:
acroread-8.1.4-1.el5.i386.rpm
acroread-plugin-8.1.4-1.el5.i386.rpm
RHEL Supplementary (v. 5 server):
i386:
acroread-8.1.4-1.el5.i386.rpm
acroread-plugin-8.1.4-1.el5.i386.rpm
x86_64:
acroread-8.1.4-1.el5.i386.rpm
acroread-plugin-8.1.4-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1062
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2009 Red Hat, Inc.

01-13-2010, 03:47 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2010:0038-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0038.html
Issue date: 2010-01-13
CVE Names: CVE-2009-3953 CVE-2009-3954 CVE-2009-3955
CVE-2009-3956 CVE-2009-3959 CVE-2009-4324
=====================================================================
1. Summary:
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
547799 - CVE-2009-4324 acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)
554293 - CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)
554296 - CVE-2009-3956 acroread: script injection vulnerability (APSB10-02)
6. Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-9.3-1.el4.i386.rpm
acroread-plugin-9.3-1.el4.i386.rpm
x86_64:
acroread-9.3-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-9.3-1.el4.i386.rpm
acroread-plugin-9.3-1.el4.i386.rpm
x86_64:
acroread-9.3-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-9.3-1.el4.i386.rpm
acroread-plugin-9.3-1.el4.i386.rpm
x86_64:
acroread-9.3-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-9.3-1.el4.i386.rpm
acroread-plugin-9.3-1.el4.i386.rpm
x86_64:
acroread-9.3-1.el4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-3953.html
https://www.redhat.com/security/data/cve/CVE-2009-3954.html
https://www.redhat.com/security/data/cve/CVE-2009-3955.html
https://www.redhat.com/security/data/cve/CVE-2009-3956.html
https://www.redhat.com/security/data/cve/CVE-2009-3959.html
https://www.redhat.com/security/data/cve/CVE-2009-4324.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-02.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.

01-20-2010, 02:20 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2010:0060-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0060.html
Issue date: 2010-01-20
CVE Names: CVE-2009-3953 CVE-2009-3954 CVE-2009-3955
CVE-2009-3956 CVE-2009-3959 CVE-2009-4324
=====================================================================
1. Summary:
The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras
contain security flaws and should not be used.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no
longer be used. A specially-crafted PDF file could cause Adobe Reader to
crash or, potentially, execute arbitrary code as the user running Adobe
Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,
CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader
9 for Linux is not compatible with Red Hat Enterprise Linux 3. An
alternative PDF file viewer available in Red Hat Enterprise Linux 3 is
xpdf.
This update removes the acroread packages due to their known security
vulnerabilities.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
547799 - CVE-2009-4324 acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)
554293 - CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)
554296 - CVE-2009-3956 acroread: script injection vulnerability (APSB10-02)
6. Package List:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
acroread-uninstall-9.3-3.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
acroread-uninstall-9.3-3.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
acroread-uninstall-9.3-3.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
acroread-uninstall-9.3-3.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-3953.html
https://www.redhat.com/security/data/cve/CVE-2009-3954.html
https://www.redhat.com/security/data/cve/CVE-2009-3955.html
https://www.redhat.com/security/data/cve/CVE-2009-3956.html
https://www.redhat.com/security/data/cve/CVE-2009-3959.html
https://www.redhat.com/security/data/cve/CVE-2009-4324.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-02.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.

04-14-2010, 10:29 AM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2010:0349-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0349.html
Issue date: 2010-04-14
CVE Names: CVE-2010-0190 CVE-2010-0191 CVE-2010-0192
CVE-2010-0193 CVE-2010-0194 CVE-2010-0195
CVE-2010-0196 CVE-2010-0197 CVE-2010-0198
CVE-2010-0199 CVE-2010-0201 CVE-2010-0202
CVE-2010-0203 CVE-2010-0204 CVE-2010-1241
=====================================================================
1. Summary:
Updated acroread packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-09
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2010-0190, CVE-2010-0191,
CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196,
CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202,
CVE-2010-0203, CVE-2010-0204, CVE-2010-1241)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.2, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
579213 - CVE-2010-1241 Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
581417 - Acroread: Multiple code execution flaws (APSB10-09)
6. Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-9.3.2-1.el4.i386.rpm
acroread-plugin-9.3.2-1.el4.i386.rpm
x86_64:
acroread-9.3.2-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-9.3.2-1.el4.i386.rpm
acroread-plugin-9.3.2-1.el4.i386.rpm
x86_64:
acroread-9.3.2-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-9.3.2-1.el4.i386.rpm
acroread-plugin-9.3.2-1.el4.i386.rpm
x86_64:
acroread-9.3.2-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-9.3.2-1.el4.i386.rpm
acroread-plugin-9.3.2-1.el4.i386.rpm
x86_64:
acroread-9.3.2-1.el4.i386.rpm
RHEL Desktop Supplementary (v. 5 client):
i386:
acroread-9.3.2-1.el5.i386.rpm
acroread-plugin-9.3.2-1.el5.i386.rpm
x86_64:
acroread-9.3.2-1.el5.i386.rpm
acroread-plugin-9.3.2-1.el5.i386.rpm
RHEL Supplementary (v. 5 server):
i386:
acroread-9.3.2-1.el5.i386.rpm
acroread-plugin-9.3.2-1.el5.i386.rpm
x86_64:
acroread-9.3.2-1.el5.i386.rpm
acroread-plugin-9.3.2-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-0190.html
https://www.redhat.com/security/data/cve/CVE-2010-0191.html
https://www.redhat.com/security/data/cve/CVE-2010-0192.html
https://www.redhat.com/security/data/cve/CVE-2010-0193.html
https://www.redhat.com/security/data/cve/CVE-2010-0194.html
https://www.redhat.com/security/data/cve/CVE-2010-0195.html
https://www.redhat.com/security/data/cve/CVE-2010-0196.html
https://www.redhat.com/security/data/cve/CVE-2010-0197.html
https://www.redhat.com/security/data/cve/CVE-2010-0198.html
https://www.redhat.com/security/data/cve/CVE-2010-0199.html
https://www.redhat.com/security/data/cve/CVE-2010-0201.html
https://www.redhat.com/security/data/cve/CVE-2010-0202.html
https://www.redhat.com/security/data/cve/CVE-2010-0203.html
https://www.redhat.com/security/data/cve/CVE-2010-0204.html
https://www.redhat.com/security/data/cve/CVE-2010-1241.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb10-09.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.

06-30-2010, 06:00 PM
Critical: acroread security update
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2010:0503-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0503.html
Issue date: 2010-06-30
CVE Names: CVE-2010-1240 CVE-2010-1285 CVE-2010-1295
CVE-2010-1297 CVE-2010-2168 CVE-2010-2201
CVE-2010-2202 CVE-2010-2203 CVE-2010-2204
CVE-2010-2205 CVE-2010-2206 CVE-2010-2207
CVE-2010-2208 CVE-2010-2209 CVE-2010-2210
CVE-2010-2211 CVE-2010-2212
=====================================================================
1. Summary:
Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
This update fixes multiple vulnerabilities in Adobe Reader. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-15, listed in the References section. A specially-crafted PDF file
could cause Adobe Reader to crash or, potentially, execute arbitrary code
as the user running Adobe Reader when opened. (CVE-2010-1240,
CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201,
CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206,
CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211,
CVE-2010-2212)
All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 9.3.3, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
600692 - CVE-2010-1297 acroread, flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)
609203 - acroread: multiple code execution flaws (APSB10-15)
6. Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-9.3.3-2.el4.i386.rpm
acroread-plugin-9.3.3-2.el4.i386.rpm
x86_64:
acroread-9.3.3-2.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-9.3.3-2.el4.i386.rpm
acroread-plugin-9.3.3-2.el4.i386.rpm
x86_64:
acroread-9.3.3-2.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-9.3.3-2.el4.i386.rpm
acroread-plugin-9.3.3-2.el4.i386.rpm
x86_64:
acroread-9.3.3-2.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-9.3.3-2.el4.i386.rpm
acroread-plugin-9.3.3-2.el4.i386.rpm
x86_64:
acroread-9.3.3-2.el4.i386.rpm
RHEL Desktop Supplementary (v. 5 client):
i386:
acroread-9.3.3-1.el5.i386.rpm
acroread-plugin-9.3.3-1.el5.i386.rpm
x86_64:
acroread-9.3.3-1.el5.i386.rpm
acroread-plugin-9.3.3-1.el5.i386.rpm
RHEL Supplementary (v. 5 server):
i386:
acroread-9.3.3-1.el5.i386.rpm
acroread-plugin-9.3.3-1.el5.i386.rpm
x86_64:
acroread-9.3.3-1.el5.i386.rpm
acroread-plugin-9.3.3-1.el5.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-1240.html
https://www.redhat.com/security/data/cve/CVE-2010-1285.html
https://www.redhat.com/security/data/cve/CVE-2010-1295.html
https://www.redhat.com/security/data/cve/CVE-2010-1297.html
https://www.redhat.com/security/data/cve/CVE-2010-2168.html
https://www.redhat.com/security/data/cve/CVE-2010-2201.html
https://www.redhat.com/security/data/cve/CVE-2010-2202.html
https://www.redhat.com/security/data/cve/CVE-2010-2203.html
https://www.redhat.com/security/data/cve/CVE-2010-2204.html
https://www.redhat.com/security/data/cve/CVE-2010-2205.html
https://www.redhat.com/security/data/cve/CVE-2010-2206.html
https://www.redhat.com/security/data/cve/CVE-2010-2207.html
https://www.redhat.com/security/data/cve/CVE-2010-2208.html
https://www.redhat.com/security/data/cve/CVE-2010-2209.html
https://www.redhat.com/security/data/cve/CVE-2010-2210.html
https://www.redhat.com/security/data/cve/CVE-2010-2211.html
https://www.redhat.com/security/data/cve/CVE-2010-2212.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFMK4YJXlSAg2UNWIIRAsvmAJ0UF+ILoBrbssYfVvNlOp Z3KelLpACeOzN2
DAgZ/L69+IzI62xcffKU9Qg=
=LICV
-----END PGP SIGNATURE-----
--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
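
To check a fleet against the fixed builds in the RHSA-2010:0503-01 package list above, the following is an added example, not part of the advisory or of Red Hat's tooling. It assumes an inventory of "host name version release" lines (for instance collected with rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' and prefixed with the host name); the host names and sample versions are constructed, and the comparison is a simplified rpm version compare that ignores epochs and tilde/caret suffixes.

```python
import re

# Fixed builds from the advisory's package list, keyed by dist tag.
FIXED = {"el4": ("9.3.3", "2.el4"), "el5": ("9.3.3", "1.el5")}
PACKAGES = {"acroread", "acroread-plugin"}

# Constructed inventory: "host name version release" per line.
SAMPLE = """\
ws01 acroread 9.3.2 1.el5
ws01 acroread-plugin 9.3.2 1.el5
ws02 acroread 9.3.3 1.el5
srv03 acroread 9.3.3 1.el4
srv04 acroread 9.3.3 2.el4
srv05 bash 3.2 24.el5
"""

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(inventory):
    """Return (host, package, installed, status) for builds older than the fix."""
    findings = []
    for line in inventory.strip().splitlines():
        host, name, version, release = line.split()
        if name not in PACKAGES:
            continue
        dist = re.search(r"el\d+", release)
        fixed = FIXED.get(dist.group(0)) if dist else None
        installed = f"{version}-{release}"
        if fixed is None:
            findings.append((host, name, installed, "unknown release"))
        elif (rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])) < 0:
            findings.append((host, name, installed, "vulnerable"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A host that reports the fixed build is still exposed until every running Adobe Reader instance has been restarted, as the advisory states.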