[RHSA-2009:1109-01] Critical: acroread security update

news · June 17, 2009

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

=====================================================================

Red Hat Security Advisory

Synopsis: Critical: acroread security update

Advisory ID: RHSA-2009:1109-01

Product: Red Hat Enterprise Linux Extras

Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1109.html

Issue date: 2009-06-17

CVE Names: CVE-2009-0198 CVE-2009-0509 CVE-2009-0510

CVE-2009-0511 CVE-2009-0512 CVE-2009-0888

CVE-2009-0889 CVE-2009-1855 CVE-2009-1856

CVE-2009-1857 CVE-2009-1858 CVE-2009-1859

CVE-2009-1861 CVE-2009-2028

=====================================================================

1. Summary:

Updated acroread packages that fix multiple security issues are now

available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4

Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red

Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64

Red Hat Desktop version 3 Extras - i386, x86_64

Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64

Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64

Red Hat Desktop version 4 Extras - i386, x86_64

Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64

Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64

RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document

Format (PDF).

Multiple security flaws were discovered in Adobe Reader. A specially

crafted PDF file could cause Adobe Reader to crash or, potentially, execute

arbitrary code as the user running Adobe Reader when opened.

(CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512,

CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857,

CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028)

All Adobe Reader users should install these updated packages. They contain

Adobe Reader version 8.1.6, which is not vulnerable to these issues. All

running instances of Adobe Reader must be restarted for the update to take

effect.

4. Solution:

Before applying this update, make sure that all previously-released

errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use

the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

505049 - acroread: multiple security fixes in version 8.1.6 (APSB09-07)

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:

acroread-8.1.6-1.i386.rpm

acroread-plugin-8.1.6-1.i386.rpm

x86_64:

acroread-8.1.6-1.i386.rpm

Red Hat Desktop version 3 Extras:

i386:

acroread-8.1.6-1.i386.rpm

acroread-plugin-8.1.6-1.i386.rpm

x86_64:

acroread-8.1.6-1.i386.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:

acroread-8.1.6-1.i386.rpm

acroread-plugin-8.1.6-1.i386.rpm

x86_64:

acroread-8.1.6-1.i386.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:

acroread-8.1.6-1.i386.rpm

acroread-plugin-8.1.6-1.i386.rpm

x86_64:

acroread-8.1.6-1.i386.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:

acroread-8.1.6-1.el4.i386.rpm

acroread-plugin-8.1.6-1.el4.i386.rpm

x86_64:

acroread-8.1.6-1.el4.i386.rpm

Red Hat Desktop version 4 Extras:

i386:

acroread-8.1.6-1.el4.i386.rpm

acroread-plugin-8.1.6-1.el4.i386.rpm

x86_64:

acroread-8.1.6-1.el4.i386.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:

acroread-8.1.6-1.el4.i386.rpm

acroread-plugin-8.1.6-1.el4.i386.rpm

x86_64:

acroread-8.1.6-1.el4.i386.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:

acroread-8.1.6-1.el4.i386.rpm

acroread-plugin-8.1.6-1.el4.i386.rpm

x86_64:

acroread-8.1.6-1.el4.i386.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:

acroread-8.1.6-2.el5.i386.rpm

acroread-plugin-8.1.6-2.el5.i386.rpm

x86_64:

acroread-8.1.6-2.el5.i386.rpm

acroread-plugin-8.1.6-2.el5.i386.rpm

RHEL Supplementary (v. 5 server):

i386:

acroread-8.1.6-2.el5.i386.rpm

acroread-plugin-8.1.6-2.el5.i386.rpm

x86_64:

acroread-8.1.6-2.el5.i386.rpm

acroread-plugin-8.1.6-2.el5.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0198

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0509

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0510

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0511

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0512

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0888

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0889

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1855

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1856

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1857

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1858

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1859

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1861

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2028

http://www.redhat.com/security/updates/classification/#critical

http://www.adobe.com/support/security/bulletins/apsb09-07.html

8. Contact:

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKOLTAXlSAg2UNWIIRApNNAJ9xDHV1BSt4vrkhO4drc//0KagXEgCeNj+M

ot0s22MwAAcx6Ida5u6z4S8=

=tMmm

-----END PGP SIGNATURE-----

--

Sign In

[RHSA-2009:1109-01] Critical: acroread security update

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity