SUSE Security Update: Security update for Acrobat Reader ______________________________________________________________________________ Announcement ID: SUSE-SU-2012:0522-1 Rating: important References: #742126 #756574 Cross-References: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 Affected Products: SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. It includes two new package versions. Description: Specially crafted PDF files could have caused a denial of service or have lead to the execution of arbitrary code in the context of the user running acroread: * CVE-2012-0774, crafted fonts inside PDFs could allow attackers to cause an integer overflow, resulting in the possibility of arbitrary code execution * CVE-2012-0775, CVE-2012-0777: an issue in acroread's javascript API could allow attackers to cause a denial of service or potentially execute arbitrary code Security Issue references: * CVE-2012-0774 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0774
* CVE-2012-0775 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0775
* CVE-2012-0777 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0777
Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp1-acroread-6138 - SUSE Linux Enterprise Desktop 11 SP1: zypper in -t patch sledsp1-acroread-6138 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.4.2.3 acroread-fonts-ja-9.4.6-0.4.2.3 acroread-fonts-ko-9.4.6-0.4.2.3 acroread-fonts-zh_CN-9.4.6-0.4.2.3 acroread-fonts-zh_TW-9.4.6-0.4.2.3 - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.1]: acroread-9.5.1-0.2.1 - SUSE Linux Enterprise Desktop 11 SP1 (noarch) [New Version: 9.4.6]: acroread-cmaps-9.4.6-0.4.2.3 acroread-fonts-ja-9.4.6-0.4.2.3 acroread-fonts-ko-9.4.6-0.4.2.3 acroread-fonts-zh_CN-9.4.6-0.4.2.3 acroread-fonts-zh_TW-9.4.6-0.4.2.3 - SUSE Linux Enterprise Desktop 11 SP1 (i586) [New Version: 9.5.1]: acroread-9.5.1-0.2.1 References: http://support.novell.com/security/cve/CVE-2012-0774.html http://support.novell.com/security/cve/CVE-2012-0775.html http://support.novell.com/security/cve/CVE-2012-0777.html https://bugzilla.novell.com/742126 https://bugzilla.novell.com/756574 http://download.novell.com/patch/finder/?keywords=d50fa4600ca02afa4a43a3170e... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org