SUSE-SU-2012:0522-1: important: Security update for Acrobat Reader

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Apr 18 11:08:25 MDT 2012


   SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0522-1
Rating:             important
References:         #742126 #756574 
Cross-References:   CVE-2012-0774 CVE-2012-0775 CVE-2012-0777
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now
   available. It includes two new package versions.

Description:


   Specially crafted PDF files could have caused a denial of
   service or have  lead to the execution of arbitrary code in
   the context of the user running  acroread:

   * CVE-2012-0774, crafted fonts inside PDFs could allow
   attackers to cause an integer overflow, resulting in the
   possibility of arbitrary code execution
   * CVE-2012-0775, CVE-2012-0777: an issue in acroread's
   javascript API could allow attackers to cause a denial of
   service or potentially execute arbitrary code

   Security Issue references:

   * CVE-2012-0774
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0774
   >
   * CVE-2012-0775
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0775
   >
   * CVE-2012-0777
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0777
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp1-acroread-6138

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-acroread-6138

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 9.4.6]:

      acroread-cmaps-9.4.6-0.4.2.3
      acroread-fonts-ja-9.4.6-0.4.2.3
      acroread-fonts-ko-9.4.6-0.4.2.3
      acroread-fonts-zh_CN-9.4.6-0.4.2.3
      acroread-fonts-zh_TW-9.4.6-0.4.2.3

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.1]:

      acroread-9.5.1-0.2.1

   - SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]:

      acroread-cmaps-9.4.6-0.4.2.3
      acroread-fonts-ja-9.4.6-0.4.2.3
      acroread-fonts-ko-9.4.6-0.4.2.3
      acroread-fonts-zh_CN-9.4.6-0.4.2.3
      acroread-fonts-zh_TW-9.4.6-0.4.2.3

   - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.5.1]:

      acroread-9.5.1-0.2.1


References:

   http://support.novell.com/security/cve/CVE-2012-0774.html
   http://support.novell.com/security/cve/CVE-2012-0775.html
   http://support.novell.com/security/cve/CVE-2012-0777.html
   https://bugzilla.novell.com/742126
   https://bugzilla.novell.com/756574
   http://download.novell.com/patch/finder/?keywords=d50fa4600ca02afa4a43a3170e58aa41



More information about the sle-security-updates mailing list