SUSE Security Update: Security update for Acrobat Reader
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0809-1
Rating:             important
References:         #819918 
Cross-References:   CVE-2013-2549 CVE-2013-2550 CVE-2013-2718
                    CVE-2013-2719 CVE-2013-2720 CVE-2013-2721
                    CVE-2013-2722 CVE-2013-2723 CVE-2013-2724
                    CVE-2013-2725 CVE-2013-2726 CVE-2013-2727
                    CVE-2013-2729 CVE-2013-2730 CVE-2013-2731
                    CVE-2013-2732 CVE-2013-2733 CVE-2013-2734
                    CVE-2013-2735 CVE-2013-2736 CVE-2013-2737
                    CVE-2013-3337 CVE-2013-3338 CVE-2013-3339
                    CVE-2013-3340 CVE-2013-3341 CVE-2013-3342
                   
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.
   It includes two new package versions.

Description:


   Acrobat Reader has been updated to version 9.5.5.

   The Adobe Advisory can be found at:
      tml
   

   These updates resolve:

   *

   memory corruption vulnerabilities that could lead to
   code execution (CVE-2013-2718, CVE-2013-2719,
   CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723,
   CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,
   CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
   CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).

   *

   an integer underflow vulnerability that could lead to
   code execution (CVE-2013-2549).

   *

   a use-after-free vulnerability that could lead to a
   bypass of Adobe Reader's sandbox protection (CVE-2013-2550).

   *

   an information leakage issue involving a Javascript
   API (CVE-2013-2737).

   *

   a stack overflow vulnerability that could lead to
   code execution (CVE-2013-2724).

   *

   buffer overflow vulnerabilities that could lead to
   code execution (CVE-2013-2730, CVE-2013-2733).

   *

   integer overflow vulnerabilities that could lead to
   code execution (CVE-2013-2727, CVE-2013-2729).

   *

   a flaw in the way Reader handles domains that have
   been blacklisted in the operating system (CVE-2013-3342).

   Security Issue references:

   * CVE-2013-2549
   
   * CVE-2013-2550
   
   * CVE-2013-2718
   
   * CVE-2013-2719
   
   * CVE-2013-2720
   
   * CVE-2013-2721
   
   * CVE-2013-2722
   
   * CVE-2013-2723
   
   * CVE-2013-2724
   
   * CVE-2013-2725
   
   * CVE-2013-2726
   
   * CVE-2013-2727
   
   * CVE-2013-2729
   
   * CVE-2013-2730
   
   * CVE-2013-2731
   
   * CVE-2013-2732
   
   * CVE-2013-2733
   
   * CVE-2013-2734
   
   * CVE-2013-2735
   
   * CVE-2013-2736
   
   * CVE-2013-2737
   
   * CVE-2013-3337
   
   * CVE-2013-3338
   
   * CVE-2013-3339
   
   * CVE-2013-3340
   
   * CVE-2013-3341
   
   * CVE-2013-3342
   


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-acroread-7734

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch):

      acroread-cmaps-9.4.6-0.4.3.2
      acroread-fonts-ja-9.4.6-0.4.3.2
      acroread-fonts-ko-9.4.6-0.4.3.2
      acroread-fonts-zh_CN-9.4.6-0.4.3.2
      acroread-fonts-zh_TW-9.4.6-0.4.3.2

   - SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]:

      acroread-9.5.5-0.3.1

   - SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]:

      acroread-cmaps-9.4.6-0.6.63
      acroread-fonts-ja-9.4.6-0.6.63
      acroread-fonts-ko-9.4.6-0.6.63
      acroread-fonts-zh_CN-9.4.6-0.6.63
      acroread-fonts-zh_TW-9.4.6-0.6.63

   - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.5]:

      acroread-9.5.5-0.6.1


References:

   https://www.suse.com/security/cve/CVE-2013-2549.html
   https://www.suse.com/security/cve/CVE-2013-2550.html
   https://www.suse.com/security/cve/CVE-2013-2718.html
   https://www.suse.com/security/cve/CVE-2013-2719.html
   https://www.suse.com/security/cve/CVE-2013-2720.html
   https://www.suse.com/security/cve/CVE-2013-2721.html
   https://www.suse.com/security/cve/CVE-2013-2722.html
   https://www.suse.com/security/cve/CVE-2013-2723.html
   https://www.suse.com/security/cve/CVE-2013-2724.html
   https://www.suse.com/security/cve/CVE-2013-2725.html
   https://www.suse.com/security/cve/CVE-2013-2726.html
   https://www.suse.com/security/cve/CVE-2013-2727.html
   https://www.suse.com/security/cve/CVE-2013-2729.html
   https://www.suse.com/security/cve/CVE-2013-2730.html
   https://www.suse.com/security/cve/CVE-2013-2731.html
   https://www.suse.com/security/cve/CVE-2013-2732.html
   https://www.suse.com/security/cve/CVE-2013-2733.html
   https://www.suse.com/security/cve/CVE-2013-2734.html
   https://www.suse.com/security/cve/CVE-2013-2735.html
   https://www.suse.com/security/cve/CVE-2013-2736.html
   https://www.suse.com/security/cve/CVE-2013-2737.html
   https://www.suse.com/security/cve/CVE-2013-3337.html
   https://www.suse.com/security/cve/CVE-2013-3338.html
   https://www.suse.com/security/cve/CVE-2013-3339.html
   https://www.suse.com/security/cve/CVE-2013-3340.html
   https://www.suse.com/security/cve/CVE-2013-3341.html
   https://www.suse.com/security/cve/CVE-2013-3342.html
   https://bugzilla.novell.com/819918
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login

SuSE: 2013:0809-1: important: Acrobat Reader

May 18, 2013
An update that fixes 27 vulnerabilities is now available

Summary

Acrobat Reader has been updated to version 9.5.5. The Adobe Advisory can be found at: tml These updates resolve: * memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341). * an integer underflow vulnerability that could lead to code execution (CVE-2013-2549). * a use-after-free vulnerability that could lead to a bypass of Adobe Reader's sandbox protection (CVE-2013-2550). * an information leakage issue involving a Javascript API (CVE-2013-2737). * a stack overflow vulnerability that could lead to code execution (CVE-2013-2724). * buffer overflow vulnerabilities that could lead to code execution (CVE-2013-...

Read the Full Advisory

References

#819918

Cross- CVE-2013-2549 CVE-2013-2550 CVE-2013-2718

CVE-2013-2719 CVE-2013-2720 CVE-2013-2721

CVE-2013-2722 CVE-2013-2723 CVE-2013-2724

CVE-2013-2725 CVE-2013-2726 CVE-2013-2727

CVE-2013-2729 CVE-2013-2730 CVE-2013-2731

CVE-2013-2732 CVE-2013-2733 CVE-2013-2734

CVE-2013-2735 CVE-2013-2736 CVE-2013-2737

CVE-2013-3337 CVE-2013-3338 CVE-2013-3339

CVE-2013-3340 CVE-2013-3341 CVE-2013-3342

Affected Products:

SUSE Linux Enterprise Desktop 11 SP2

SUSE Linux Enterprise Desktop 10 SP4

https://www.suse.com/security/cve/CVE-2013-2549.html

https://www.suse.com/security/cve/CVE-2013-2550.html

https://www.suse.com/security/cve/CVE-2013-2718.html

https://www.suse.com/security/cve/CVE-2013-2719.html

https://www.suse.com/security/cve/CVE-2013-2720.html

https://www.sus...

Read the Full Advisory

Severity
Announcement ID: SUSE-SU-2013:0809-1
Rating: important

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved