Bug 633159 - Adobe Reader (acroread) on Factory: Update to 9.2.4 security-fixed version
Adobe Reader (acroread) on Factory: Update to 9.2.4 security-fixed version
Status: RESOLVED DUPLICATE of bug 629134
Classification: openSUSE
Product: openSUSE 11.4
Classification: openSUSE
Component: Security
Factory
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Security Team bot
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-20 12:01 UTC by Tobias Burnus
Modified: 2010-08-20 14:33 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Burnus 2010-08-20 12:01:09 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8

http://www.adobe.com/support/security/bulletins/apsb10-17.html

Security updates available for Adobe Reader and Acrobat
Release date: August 19, 2010
Vulnerability identifier: APSB10-17
CVE numbers: CVE-2010-2862, CVE-2010-1240
Platform: All Platforms

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).
These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.


Please update Factory (and the release branches).

Reproducible: Always
Comment 1 Tobias Burnus 2010-08-20 12:07:58 UTC
I got the version number wrong in the Summary: It's 9.3.4.

And I misread somehow the APSB - it carries the following note:

"Note: Adobe Reader 9.3.4 for Windows, Macintosh and UNIX will be available from the Adobe Reader Download Center at http://get.adobe.com/reader/ by August 31, 2010."

Thus, although the whole report talks about downloading/installing/updating 9.3.4, the version does not seem to be available and

"Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix "

Only offers 9.3.3. Sorry for the premature bug report.
Comment 2 Tobias Burnus 2010-08-20 12:13:10 UTC
Actually, that is also wrong. While the links in the APSB link to a page where it is not available - and the report is a bit unclear whether it is available now or on August 31, a Unix 9.3.4 can be found at

http://www.adobe.com/support/downloads/detail.jsp?ftpID=4765

Or go directly to:
  ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.4/

Release notes:
  http://kb2.adobe.com/cps/837/cpsid_83708.html
Comment 3 Ludwig Nussel 2010-08-20 14:33:01 UTC
thanks for having an open eye, we've been tracking this in bug 629134 already though. The "paperwork" is already done, we just need someone to submit packages ... :-)

*** This bug has been marked as a duplicate of bug 629134 ***