SuseSUSE-SA:2009:014remote code execution in acroread
0.975 High
EPSS
Percentile
100.0%
Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. Please find more details at Adobe’s site: http://www.adobe.com/support/security/bulletins/apsb09-04.html Note that Adobe did not provide updates for Adobe Reader 7 as used on NLD9. We cannot upgrade to newer versions due to library dependencies. We strongly encourage users of acroread on NLD9 to uninstall the package and to use an alternative, open source pdf viewer instead. We’re currently evaluating the possibility of disabling acroread on NLD9 via online update.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 11.0 | i586 | acroread | < 8.1.4-0.1 | acroread-8.1.4-0.1.i586.rpm |
| SUSE Linux Enterprise Server | 11 | i586 | acroread-debuginfo | < 8.1.4-0.9.1 | acroread-debuginfo-8.1.4-0.9.1.i586.rpm |
| openSUSE | 10.3 | i586 | acroread | < 8.1.4-0.1 | acroread-8.1.4-0.1.i586.rpm |
| openSUSE | 11.1 | i586 | acroread | < 8.1.4-0.1.1 | acroread-8.1.4-0.1.1.i586.rpm |
Related
