* An unspecified vulnerability can be triggered by a malformed PDF
document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and
Greg MacManus reported a stack-based buffer overflow in the
util.printf JavaScript function that incorrectly handles the format
string argument (CVE-2008-2992).
* Greg MacManus of iDefense Labs reported an array index error that
can be leveraged for an out-of-bounds write, related to parsing of
Type 1 fonts (CVE-2008-4812).
* Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day
Initiative, reported multiple unspecified memory corruption
vulnerabilities (CVE-2008-4813).
* Thomas Garnier of SkyRecon Systems reported an unspecified
vulnerability in a JavaScript method, related to an "input validation
issue" (CVE-2008-4814).
* Josh Bressers of Red Hat reported an untrusted search path
vulnerability (CVE-2008-4815).
* Peter Vreugdenhil reported through iDefense that the Download
Manager can trigger a heap corruption via calls to the AcroJS
function (CVE-2008-4817).
Impact
======
A remote attacker could entice a user to open a specially crafted PDF
document, and local attackers could entice a user to run acroread from
an untrusted working directory. Both might result in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Gentoo Linux Security Advisory GLSA 200901-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Reader: User-assisted execution of arbitrary code
Date: January 13, 2009
Bugs: #225483
ID: 200901-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Adobe Reader is vulnerable to execution of arbitrary code.
Background
==========
Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF
reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 8.1.3 >= 8.1.3
Description
===========
* An unspecified vulnerability can be triggered by a malformed PDF
document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
* Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and
Greg MacManus reported a stack-based buffer overflow in the
util.printf JavaScript function that incorrectly handles the format
string argument (CVE-2008-2992).
* Greg MacManus of iDefense Labs reported an array index error that
can be leveraged for an out-of-bounds write, related to parsing of
Type 1 fonts (CVE-2008-4812).
* Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day
Initiative, reported multiple unspecified memory corruption
vulnerabilities (CVE-2008-4813).
* Thomas Garnier of SkyRecon Systems reported an unspecified
vulnerability in a JavaScript method, related to an "input validation
issue" (CVE-2008-4814).
* Josh Bressers of Red Hat reported an untrusted search path
vulnerability (CVE-2008-4815).
* Peter Vreugdenhil reported through iDefense that the Download
Manager can trigger a heap corruption via calls to the AcroJS
function (CVE-2008-4817).
Impact
======
A remote attacker could entice a user to open a specially crafted PDF
document, and local attackers could entice a user to run acroread from
an untrusted working directory. Both might result in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-8.1.3"
References
==========
[ 1 ] CVE-2008-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2549
[ 2 ] CVE-2008-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992
[ 3 ] CVE-2008-4812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4812
[ 4 ] CVE-2008-4813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4813
[ 5 ] CVE-2008-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4814
[ 6 ] CVE-2008-4815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4815
[ 7 ] CVE-2008-4817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4817
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200901-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iQIcBAABAgAGBQJJbIajAAoJECaaHo/OfoM56m0P/1tKGlE+o107384mBBAyMU52
tFiQKX2Wi7dcAdd6tjb3WyhDod/iCX2EktsNgQ3TQyhh6uqlNflvtNrjLGNugZ0v
pf0iEJLvHeAo6H8KvwaojUWZTwBuBcvKU8rw73Zrn+25xOdvzLQBvhS+mqcqc5L0
Am1uK3RjkBM7+BP8dS9VKflYEK00wzx0NIhZyiSzfxfnw98nzrBfoZ7665i1S92g
wCQqpNXhfR6BHrfq0GHCqoVJAs0rfXUtb5QeqmkQBVwMNwbrFk/uk2uiNULUphXp
IzIaQL8uoiyGHIihTs8iAuGtX3gCI191uYJucrDPVNm6cVG/UbWMGknD2C4pZVWl
IfrJjxomXtI70ZaG2zohDUIGlbpdMb3PGBSAheH+yue1fH7+S6BdGkPxAdj2tpP8
+tfRdg8dqHmuhLks1B9slu3DzGE7VoP2K3BBnxG4x/6ON1Xd82c+VXc/Oz1XVSd/
7y89eh3vDHI00MvH5OcNIbRpkIUbIyCXDl2xxj1bS70Y+owUZtwg3ogWQukVcgnO
7fItGU3i11CyaYOSyWM7F0RXyqZsjPbuiMbNX/sTu9nQA5pOnaTLnDgwd3J2kYlb
HVowvGNJNotOEF9YVXTKW595T6CAum/hQ7BptwhsOoRvELSRoBfwCMyETgKQlCP+
0xt6INsTQRdfe4q4J6BE
=C1AU
-----END PGP SIGNATURE-----
[ reply ]