(RHSA-2008:0144) Critical: acroread security update

The Adobe Reader allows users to view and print documents in portable
document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF
files. An attacker could create a malicious PDF file which could execute
arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663,
CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored
certain requests. A malicious PDF file could cause the browser to request
an unauthorized URL, allowing for a cross-site request forgery attack.
(CVE-2007-0044)

A flaw was found in Adobe Reader’s JavaScript API DOC.print function. A
malicious PDF file could silently trigger non-interactive printing of the
document, causing multiple copies to be printed without the users consent.
(CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader.
When the information regarding these flaws is made public by Adobe, it will
be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7. All
users of Adobe Reader are, therefore, advised to install these updated
packages. They contain Adobe Reader version 8.1.2, which is not vulnerable
to these issues.