Detalji
Kreirano: 15 Studeni 2011
Uočeno je nekoliko sigurnosnih ranjivosti programskog paketa Adobe Reader koje se mogu iskoristiti za pokretanje proizvoljnog programskog koda ili povećanje ovlasti napadača.
Paket:
acroread 9.x
Operacijski sustavi:
SUSE Linux Enterprise Desktop 10, SUSE Linux Enterprise Desktop 11
Kritičnost:
6.9
Problem:
preljev međuspremnika
Iskorištavanje:
lokalno/udaljeno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
Izvorni ID preporuke:
SUSE-SU-2011:1239-1
Izvor:
SUSE
Problem:
Većina otkrivenih ranjivosti je uzrokovana preljevom međuspremnika.
Posljedica:
Najozbiljnije ranjivosti se mogu iskoristiti udaljeno za pokretanje proizvoljnog programskog koda.
Rješenje:
Preporuča se korištenje najnovije inačice.
Izvorni tekst preporuke
SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________
Announcement ID: SUSE-SU-2011:1239-1
Rating: critical
References: #717724
Cross-References: CVE-2011-1353 CVE-2011-2431 CVE-2011-2432
CVE-2011-2433 CVE-2011-2434 CVE-2011-2435
CVE-2011-2436 CVE-2011-2437 CVE-2011-2438
CVE-2011-2439 CVE-2011-2440 CVE-2011-2441
CVE-2011-2442
Affected Products:
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
It includes one version update.
Description:
Acrobat reader was updated to version 9.4.6 to fix several
security issues (CVE-2011-1353, CVE-2011-2431,
CVE-2011-2432, CVE-2011-2433, CVE-2011-2434,
CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438,
CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442)
Security Issue references:
* CVE-2011-1353
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1353
>
* CVE-2011-2431
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2431
>
* CVE-2011-2432
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2432
>
* CVE-2011-2433
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2433
>
* CVE-2011-2434
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2434
>
* CVE-2011-2435
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2435
>
* CVE-2011-2436
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2436
>
* CVE-2011-2437
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2437
>
* CVE-2011-2438
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2438
>
* CVE-2011-2439
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2439
>
* CVE-2011-2440
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2440
>
* CVE-2011-2441
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2441
>
* CVE-2011-2442
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2442
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Desktop 11 SP1:
zypper in -t patch sledsp1-acroread-5412
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]:
acroread-cmaps-9.4.6-0.2.1
acroread-fonts-ja-9.4.6-0.2.1
acroread-fonts-ko-9.4.6-0.2.1
acroread-fonts-zh_CN-9.4.6-0.2.1
acroread-fonts-zh_TW-9.4.6-0.2.1
- SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.4.6]:
acroread-9.4.6-0.2.1
- SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]:
acroread-cmaps-9.4.6-0.5.1
acroread-fonts-ja-9.4.6-0.5.1
acroread-fonts-ko-9.4.6-0.5.1
acroread-fonts-zh_CN-9.4.6-0.5.1
acroread-fonts-zh_TW-9.4.6-0.5.1
- SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.4.6]:
acroread-9.4.6-0.5.1
References:
http://support.novell.com/security/cve/CVE-2011-1353.html
http://support.novell.com/security/cve/CVE-2011-2431.html
http://support.novell.com/security/cve/CVE-2011-2432.html
http://support.novell.com/security/cve/CVE-2011-2433.html
http://support.novell.com/security/cve/CVE-2011-2434.html
http://support.novell.com/security/cve/CVE-2011-2435.html
http://support.novell.com/security/cve/CVE-2011-2436.html
http://support.novell.com/security/cve/CVE-2011-2437.html
http://support.novell.com/security/cve/CVE-2011-2438.html
http://support.novell.com/security/cve/CVE-2011-2439.html
http://support.novell.com/security/cve/CVE-2011-2440.html
http://support.novell.com/security/cve/CVE-2011-2441.html
http://support.novell.com/security/cve/CVE-2011-2442.html
https://bugzilla.novell.com/717724
http://download.novell.com/patch/finder/?keywords=04e3cd5de8e24c9c3136e18902d86d2d
http://download.novell.com/patch/finder/?keywords=729306cbb9eef9773fe9541056dca550
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke