Security update for Acrobat Reader (important)

2013-05-18T00:04:57
ID SUSE-SU-2013:0809-1
Type suse
Reporter Suse
Modified 2013-05-18T00:04:57

Description

Acrobat Reader has been updated to version 9.5.5.

The Adobe Advisory can be found at: <a rel="nofollow" href="https://www.adobe.com/support/security/bulletins/apsb13-15.h">https://www.adobe.com/support/security/bulletins/apsb13-15.h</a> tml <<a rel="nofollow" href="https://www.adobe.com/support/security/bulletins/apsb13-15">https://www.adobe.com/support/security/bulletins/apsb13-15</a>. html>

These updates resolve:

*

memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).

*

an integer underflow vulnerability that could lead to code execution (CVE-2013-2549).

*

a use-after-free vulnerability that could lead to a bypass of Adobe Reader's sandbox protection (CVE-2013-2550).

*

an information leakage issue involving a Javascript API (CVE-2013-2737).

*

a stack overflow vulnerability that could lead to code execution (CVE-2013-2724).

*

buffer overflow vulnerabilities that could lead to code execution (CVE-2013-2730, CVE-2013-2733).

*

integer overflow vulnerabilities that could lead to code execution (CVE-2013-2727, CVE-2013-2729).

*

a flaw in the way Reader handles domains that have been blacklisted in the operating system (CVE-2013-3342).