- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Reader: User-assisted execution of arbitrary code Date: July 12, 2009 Bugs: #267846, #273908 ID: 200907-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Adobe Reader is vulnerable to remote code execution via crafted PDF files. Background ========== Adobe Reader is a PDF reader released by Adobe. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 8.1.6 >= 8.1.6 Description =========== Multiple vulnerabilities have been reported in Adobe Reader: * Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in the JBIG2 filter (CVE-2009-0198). * Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas Joly of VUPEN Security reported multiple heap-based buffer overflows in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889) * Arr1val reported that multiple methods in the JavaScript API might lead to memory corruption when called with crafted arguments (CVE-2009-1492, CVE-2009-1493). * An anonymous researcher reported a stack-based buffer overflow related to U3D model files with a crafted extension block (CVE-2009-1855). * Jun Mao and Ryan Smith of iDefense Labs reported an integer overflow related to the FlateDecode filter, which triggers a heap-based buffer overflow (CVE-2009-1856). * Haifei Li of Fortinet's FortiGuard Global Security Research Team reported a memory corruption vulnerability related to TrueType fonts (CVE-2009-1857). * The Apple Product Security Team reported a memory corruption vulnerability in the JBIG2 filter (CVE-2009-1858). * Matthew Watchinski of Sourcefire VRT reported an unspecified memory corruption (CVE-2009-1859). * Will Dormann of CERT reported multiple heap-based buffer overflows when processing JPX (aka JPEG2000) stream that trigger heap memory corruption (CVE-2009-1861). * Multiple unspecified vulnerabilities have been discovered (CVE-2009-2028). Impact ====== A remote attacker could entice a user to open a specially crafted document, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.6" References ========== [ 1 ] CVE-2009-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198 [ 2 ] CVE-2009-0509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509 [ 3 ] CVE-2009-0510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510 [ 4 ] CVE-2009-0511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511 [ 5 ] CVE-2009-0512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512 [ 6 ] CVE-2009-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888 [ 7 ] CVE-2009-0889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889 [ 8 ] CVE-2009-1492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1492 [ 9 ] CVE-2009-1493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1493 [ 10 ] CVE-2009-1855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855 [ 11 ] CVE-2009-1856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856 [ 12 ] CVE-2009-1857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857 [ 13 ] CVE-2009-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858 [ 14 ] CVE-2009-1859 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859 [ 15 ] CVE-2009-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861 [ 16 ] CVE-2009-2028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200907-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5