Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0037
The remote host is missing updates announced in
advisory RHSA-2010:0037.

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

This update fixes several vulnerabilities in Adobe Reader. These
vulnerabilities are summarized on the Adobe Security Advisory APSB10-02
page listed in the References section. A specially-crafted PDF file could
cause Adobe Reader to crash or, potentially, execute arbitrary code as the
user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,
CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)

This update also fixes the following bugs:

* the acroread process continued to run even after closing a PDF file. If
multiple PDF files were opened and then closed, the acroread processes
continued to run and consume system resources (up to 100% CPU usage). With
this update, the acroread process correctly exits, which resolves this
issue. (BZ#473217)

* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when
attempting to open signed PDF files. For such files, if an immediate crash
was not observed, clicking on the Signature Panel could trigger one. With
this update, the PPKLite.api plug-in is included, which resolves this
issue. (BZ#472975)

* Adobe Reader has been upgraded to version 9.3. (BZ#497957)

Adobe have discontinued support for Adobe Reader 8 for Linux. All users of
Adobe Reader are advised to install these updated packages, which contain
Adobe Reader version 9.3, which is not vulnerable to these issues and fixes
these bugs. All running instances of Adobe Reader must be restarted for the
update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3953
BugTraq ID: 37758
Cert/CC Advisory: TA10-013A
SuSE Security Announcement: SUSE-SA:2010:008 (Google Search)
XForce ISS Database: acrobat-reader-u3d-code-execution(55551)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3954
BugTraq ID: 37761
XForce ISS Database: acrobat-reader-3d-code-execution(55552)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3955
BugTraq ID: 37757
XForce ISS Database: acrobat-reader-jpxdecode-code-exec(55553)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3956
BugTraq ID: 37763
XForce ISS Database: acrobat-reader-unspec-xss(55554)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3959
BugTraq ID: 37756
Bugtraq: 20100115 VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability (Google Search)
XForce ISS Database: acrobat-reader-u3dsupport-code-exec(55557)
Common Vulnerability Exposure (CVE) ID: CVE-2009-4324
BugTraq ID: 37331
CERT/CC vulnerability note: VU#508357
XForce ISS Database: acro-reader-unspecifed-code-execution(54747)
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.