Bugzilla – Bug 735275
VUL-0: acroread 9.4.6 vulnerable
Last modified: 2012-01-22 14:00:15 UTC
Your friendly security team received the following report. Please respond ASAP. The issue is public.
http://www.adobe.com/support/security/advisories/apsa11-04.html
-----
A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
-----
Adobe plans to release updates on January 10th.
bugbot adjusting priority
Fine, let me know if the updates are available.
Name: CVE-2011-4369
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
(In reply to comment #2)
> Fine, let me know if the updates are available.
The files have just landed at:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.4.7/enu/
The SWAMPID for this issue is 44853. This issue was rated as moderate. Please submit fixed packages until 2012-01-24. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
The 9.4.7 directory seems to have vanished.
(In reply to comment #6)
> The 9.4.7 directory seems to have vanished.
The link of comment 4 still works for me
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.4.7/enu/
It is also (now) linked from
http://www.adobe.com/support/security/bulletins/apsb11-30.html
weird
    $ ftp -a ftp.adobe.com
    Connected to ftp.adobe.com.
    220 Welcome message
    331 Please specify the password.
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd /pub/adobe/reader/unix/9.x/9.4.7/enu/
    550 Failed to change directory.
    ftp> cd /pub/adobe/reader/unix/9.x/
    250 Directory successfully changed.
    ftp> ls
    229 Entering Extended Passive Mode (|||30041|).
    150 Here comes the directory listing.
    drwxr-xr-x 3 10276 50 4096 Nov 11 09:24 9.1
    drwxr-xr-x 3 10276 50 4096 Nov 11 09:22 9.4.6
    226 Directory send OK.
    ftp>
Do you have packaging skills and could take care of Factory maybe?
Done for openSUSE.
    99749 State:new By:BinLi When:2012-01-11T11:23:06
        submit: home:BinLi:branches:openSUSE:11.3:Update:Test/acroread -> openSUSE:11.3:Update:Test
        Descr: 'upgrade to 9.4.7(bnc#735275,swampid#44853)'
    99748 State:new By:BinLi When:2012-01-11T11:22:29
        submit: home:BinLi:branches:openSUSE:11.4:Update/acroread -> openSUSE:11.4:Update:Test
        Descr: 'upgrade to 9.4.7(bnc#735275,swampid#44853)'
    Request #99746:
        submit: home:BinLi:branches:openSUSE:12.1:Update/acroread(r2) -> openSUSE:12.1:Update:Test/acroread
        Message: upgrade to 9.4.7(bnc#735275,swampid#44853)
    99745 State:new By:BinLi When:2012-01-11T11:20:48
        submit: home:BinLi:branches:devel:openSUSE:Factory/acroread -> devel:openSUSE:Factory
        Descr: 'upgrade to 9.4.7(bnc#735275,swampid#44853)'
Done for SLE.
    Request #17162:
        submit: home:BinLi:branches:SUSE:SLE-10-SP4:Update:Test/acroread(r3)(cleanup) -> SUSE:SLE-10-SP4:Update:Test/acroread
        Message: upgrade to 9.4.7(bnc#735275,swampid#44853)
    Request #17161:
        submit: home:BinLi:branches:SUSE:SLE-11-SP1:Update:Test/acroread(r3)(cleanup) -> SUSE:SLE-11-SP1:Update:Test/acroread
        Message: upgrade to 9.4.7(bnc#735275,swampid#44853)
    Request #17160:
        submit: home:BinLi:branches:SUSE:SLE-11-SP2:GA/acroread(r2)(cleanup) -> SUSE:SLE-11-SP2:GA/acroread
        Message: upgrade to 9.4.7(bnc#735275,swampid#44853)
Reassign it.
This is an autogenerated message for OBS integration:
This bug (735275) was mentioned in
https://build.opensuse.org/request/show/99746 12.1 / acroread
https://build.opensuse.org/request/show/99748 11.4 / acroread
https://build.opensuse.org/request/show/99749 11.3 / acroread
This is an autogenerated message for OBS integration:
This bug (735275) was mentioned in
https://build.opensuse.org/request/show/99847 Factory / acroread
Update released for: acroread, acroread-cmaps, acroread-fonts-ja, acroread-fonts-ko, acroread-fonts-zh_CN, acroread-fonts-zh_TW
Products:
openSUSE 11.3 (i586)
openSUSE 11.4 (i586)
Update released for: acroread, acroread-cmaps, acroread-debuginfo, acroread-fonts-ja, acroread-fonts-ko, acroread-fonts-zh_CN, acroread-fonts-zh_TW
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
Update released for: acroread, acroread-cmaps, acroread-debuginfo, acroread-fonts-ja, acroread-fonts-ko, acroread-fonts-zh_CN, acroread-fonts-zh_TW
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
done
This is an autogenerated message for OBS integration:
This bug (735275) was mentioned in
https://build.opensuse.org/request/show/100559 Evergreen:11.2 / acroread
This is an autogenerated message for OBS integration:
This bug (735275) was mentioned in
https://build.opensuse.org/request/show/101047 Evergreen:11.1 / acroread