Test ID:	1.3.6.1.4.1.25623.1.0.66689
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0037
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0037. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes several vulnerabilities in Adobe Reader. These vulnerabilities are summarized on the Adobe Security Advisory APSB10-02 page listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956) This update also fixes the following bugs: * the acroread process continued to run even after closing a PDF file. If multiple PDF files were opened and then closed, the acroread processes continued to run and consume system resources (up to 100% CPU usage). With this update, the acroread process correctly exits, which resolves this issue. (BZ#473217) * the PPKLite.api plug-in was missing, causing Adobe Reader to crash when attempting to open signed PDF files. For such files, if an immediate crash was not observed, clicking on the Signature Panel could trigger one. With this update, the PPKLite.api plug-in is included, which resolves this issue. (BZ#472975) * Adobe Reader has been upgraded to version 9.3. (BZ#497957) Adobe have discontinued support for Adobe Reader 8 for Linux. All users of Adobe Reader are advised to install these updated packages, which contain Adobe Reader version 9.3, which is not vulnerable to these issues and fixes these bugs. All running instances of Adobe Reader must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0037.html http://www.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb10-02.html Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3953 BugTraq ID: 37758 http://www.securityfocus.com/bid/37758 Cert/CC Advisory: TA10-013A http://www.us-cert.gov/cas/techalerts/TA10-013A.html http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl http://osvdb.org/61690 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8242 http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securitytracker.com/id?1023446 http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 SuSE Security Announcement: SUSE-SA:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.vupen.com/english/advisories/2010/0103 XForce ISS Database: acrobat-reader-u3d-code-execution(55551) https://exchange.xforce.ibmcloud.com/vulnerabilities/55551 Common Vulnerability Exposure (CVE) ID: CVE-2009-3954 BugTraq ID: 37761 http://www.securityfocus.com/bid/37761 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8528 XForce ISS Database: acrobat-reader-3d-code-execution(55552) https://exchange.xforce.ibmcloud.com/vulnerabilities/55552 Common Vulnerability Exposure (CVE) ID: CVE-2009-3955 BugTraq ID: 37757 http://www.securityfocus.com/bid/37757 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8255 XForce ISS Database: acrobat-reader-jpxdecode-code-exec(55553) https://exchange.xforce.ibmcloud.com/vulnerabilities/55553 Common Vulnerability Exposure (CVE) ID: CVE-2009-3956 BugTraq ID: 37763 http://www.securityfocus.com/bid/37763 http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327 XForce ISS Database: acrobat-reader-unspec-xss(55554) https://exchange.xforce.ibmcloud.com/vulnerabilities/55554 Common Vulnerability Exposure (CVE) ID: CVE-2009-3959 BugTraq ID: 37756 http://www.securityfocus.com/bid/37756 Bugtraq: 20100115 VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/508949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8539 XForce ISS Database: acrobat-reader-u3dsupport-code-exec(55557) https://exchange.xforce.ibmcloud.com/vulnerabilities/55557 Common Vulnerability Exposure (CVE) ID: CVE-2009-4324 BugTraq ID: 37331 http://www.securityfocus.com/bid/37331 CERT/CC vulnerability note: VU#508357 http://www.kb.cert.org/vuls/id/508357 http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214 http://www.symantec.com/connect/blogs/zero-day-xmas-present http://osvdb.org/60980 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795 http://secunia.com/advisories/37690 http://www.vupen.com/english/advisories/2009/3518 XForce ISS Database: acro-reader-unspecifed-code-execution(54747) https://exchange.xforce.ibmcloud.com/vulnerabilities/54747
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.