Adobe Reader: Multiple vulnerabilities — GLSA 201009-05

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks.

Affected packages

Background

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Description

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Impact

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"

References

• APSA10-01
• APSB10-02
• APSB10-07
• APSB10-09
• APSB10-14
• APSB10-16
• CVE-2009-3953
• CVE-2009-4324
• CVE-2010-0186
• CVE-2010-0188
• CVE-2010-0190
• CVE-2010-0191
• CVE-2010-0192
• CVE-2010-0193
• CVE-2010-0194
• CVE-2010-0195
• CVE-2010-0196
• CVE-2010-0197
• CVE-2010-0198
• CVE-2010-0199
• CVE-2010-0201
• CVE-2010-0202
• CVE-2010-0203
• CVE-2010-0204
• CVE-2010-1241
• CVE-2010-1285
• CVE-2010-1295
• CVE-2010-1297
• CVE-2010-2168
• CVE-2010-2201
• CVE-2010-2202
• CVE-2010-2203
• CVE-2010-2204
• CVE-2010-2205
• CVE-2010-2206
• CVE-2010-2207
• CVE-2010-2208
• CVE-2010-2209
• CVE-2010-2210
• CVE-2010-2211
• CVE-2010-2212

Release date
September 07, 2010

Latest revision
September 07, 2010: 01

Severity
normal

Exploitable
remote

Bugzilla entries

• 297385
• 306429
• 313343
• 322857