Bug 633159

Summary: Adobe Reader (acroread) on Factory: Update to 9.2.4 security-fixed version
Product: [openSUSE] openSUSE 11.4
Reporter: Tobias Burnus <burnus>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
Version: Factory
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Tobias Burnus 2010-08-20 12:01:09 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

http://www.adobe.com/support/security/bulletins/apsb10-17.html

Security updates available for Adobe Reader and Acrobat
Release date: August 19, 2010
Vulnerability identifier: APSB10-17
CVE numbers: CVE-2010-2862, CVE-2010-1240
Platform: All Platforms

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).
These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.


Please update Factory (and the release branches).

Reproducible: Always

Comment 1 Tobias Burnus 2010-08-20 12:07:58 UTC
I got the version number wrong in the Summary: It's 9.3.4.

And I misread somehow the APSB - it carries the following note:

"Note: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center at http://get.adobe.com/reader/ by August 31, 2010."

Thus, although the whole report talks about downloading/installing/updating 9.3.4, the version does not seem to be available and

"Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix "

only offers 9.3.3. Sorry for the premature bug report.

Comment 2 Tobias Burnus 2010-08-20 12:13:10 UTC
Actually, that is also wrong. While the links in the APSB link to a page where it is not available - and the report is a bit unclear whether it is available now or on August 31, a Unix 9.3.4 can be found at

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4765

Or go directly to:
  ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.4/

Release notes:
  http://kb2.adobe.com/cps/837/cpsid_83708.html

Comment 3 Ludwig Nussel 2010-08-20 14:33:01 UTC
Thanks for having an open eye; we've been tracking this in bug 629134 already, though. The "paperwork" is already done, we just need someone to submit packages ... :-)

*** This bug has been marked as a duplicate of bug 629134 ***