SuSE Local Security Checks : SuSE Security Advisory SUSE-SA:2006:041 (acroread)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.57427

Category: SuSE Local Security Checks

Title: SuSE Security Advisory SUSE-SA:2006:041 (acroread)

Summary: NOSUMMARY

Description: Description:

The remote host is missing updates announced in
advisory SUSE-SA:2006:041.

Various unspecified security problems have been fixed in Acrobat
Reader version 7.0.8.

Adobe does not provide detailed information about the nature of the
security problems. Therefore, it is necessary to assume that remote
code execution is possible.

Adobe does not provide update packages for Acroread that are compatible
with some of our releases from the past. Therefore, updates are missing
(and might not be provided) for the products listed as follows.

As a solution to Adobe acroread security problems on older products
we suggest removal of the package from exposed systems and to use
the longer maintained open source PDF viewers.

- SUSE Linux Enterprise Server 9, Open Enterprise Server,
Novell Linux POS 9

Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries
(previously GTK+ 2.2).

Since the above products contain only GTK+ 2.2, the Acrobat Reader
7.0.8 provided by Adobe is currently not functional.

We have postponed the updates and wait for Adobe to clarify this
problem.

- SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1

These versions only support Acrobat Reader 5 and could not be
upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements.

We discontinued security support for Acrobat Reader on those
products some time ago already.

This issue is tracked by the Mitre CVE ID CVE-2006-3093.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:041

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3093
BugTraq ID: 18445
http://www.securityfocus.com/bid/18445
http://www.osvdb.org/26535
http://www.osvdb.org/26536
http://securitytracker.com/id?1016314
http://secunia.com/advisories/20576
http://secunia.com/advisories/20925
http://secunia.com/advisories/20960
SuSE Security Announcement: SUSE-SA:2006:041 (Google Search)
http://www.novell.com/linux/security/advisories/2006_41_acroread.html
SuSE Security Announcement: SUSE-SR:2006:016 (Google Search)
http://www.novell.com/linux/security/advisories/2006_16_sr.html
XForce ISS Database: adobe-multiple-unspecified(31829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31829

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.57427
Category:	SuSE Local Security Checks
Title:	SuSE Security Advisory SUSE-SA:2006:041 (acroread)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory SUSE-SA:2006:041. Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8. Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible. Adobe does not provide update packages for Acroread that are compatible with some of our releases from the past. Therefore, updates are missing (and might not be provided) for the products listed as follows. As a solution to Adobe acroread security problems on older products we suggest removal of the package from exposed systems and to use the longer maintained open source PDF viewers. - SUSE Linux Enterprise Server 9, Open Enterprise Server, Novell Linux POS 9 Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries (previously GTK+ 2.2). Since the above products contain only GTK+ 2.2, the Acrobat Reader 7.0.8 provided by Adobe is currently not functional. We have postponed the updates and wait for Adobe to clarify this problem. - SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1 These versions only support Acrobat Reader 5 and could not be upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements. We discontinued security support for Acrobat Reader on those products some time ago already. This issue is tracked by the Mitre CVE ID CVE-2006-3093. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:041 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3093 BugTraq ID: 18445 http://www.securityfocus.com/bid/18445 http://www.osvdb.org/26535 http://www.osvdb.org/26536 http://securitytracker.com/id?1016314 http://secunia.com/advisories/20576 http://secunia.com/advisories/20925 http://secunia.com/advisories/20960 SuSE Security Announcement: SUSE-SA:2006:041 (Google Search) http://www.novell.com/linux/security/advisories/2006_41_acroread.html SuSE Security Announcement: SUSE-SR:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_sr.html XForce ISS Database: adobe-multiple-unspecified(31829) https://exchange.xforce.ibmcloud.com/vulnerabilities/31829
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com