Security update for Acrobat Reader

SUSE Security Update: Security update for Acrobat Reader
Announcement ID: SUSE-SU-2013:0809-1
Rating: important
References: #819918
Affected Products:
  • SUSE Linux Enterprise Desktop 11 SP2
  • SUSE Linux Enterprise Desktop 10 SP4
    		•

    An update that fixes 27 vulnerabilities is now available. It includes two new package versions.

    Description:


    Acrobat Reader has been updated to version 9.5.5.

    The Adobe Advisory can be found at:
    https://www.adobe.com/support/security/bulletins/apsb13-15.h
    tml
    html>

    These updates resolve:

    *

    memory corruption vulnerabilities that could lead to
    code execution (CVE-2013-2718, CVE-2013-2719,
    CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723,
    CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,
    CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337,
    CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).

    *

    an integer underflow vulnerability that could lead to
    code execution (CVE-2013-2549).

    *

    a use-after-free vulnerability that could lead to a
    bypass of Adobe Reader's sandbox protection (CVE-2013-2550).

    *

    an information leakage issue involving a Javascript
    API (CVE-2013-2737).

    *

    a stack overflow vulnerability that could lead to
    code execution (CVE-2013-2724).

    *

    buffer overflow vulnerabilities that could lead to
    code execution (CVE-2013-2730, CVE-2013-2733).

    *

    integer overflow vulnerabilities that could lead to
    code execution (CVE-2013-2727, CVE-2013-2729).

    *

    a flaw in the way Reader handles domains that have
    been blacklisted in the operating system (CVE-2013-3342).

    Security Issue references:

    * CVE-2013-2549
    >
    * CVE-2013-2550
    >
    * CVE-2013-2718
    >
    * CVE-2013-2719
    >
    * CVE-2013-2720
    >
    * CVE-2013-2721
    >
    * CVE-2013-2722
    >
    * CVE-2013-2723
    >
    * CVE-2013-2724
    >
    * CVE-2013-2725
    >
    * CVE-2013-2726
    >
    * CVE-2013-2727
    >
    * CVE-2013-2729
    >
    * CVE-2013-2730
    >
    * CVE-2013-2731
    >
    * CVE-2013-2732
    >
    * CVE-2013-2733
    >
    * CVE-2013-2734
    >
    * CVE-2013-2735
    >
    * CVE-2013-2736
    >
    * CVE-2013-2737
    >
    * CVE-2013-3337
    >
    * CVE-2013-3338
    >
    * CVE-2013-3339
    >
    * CVE-2013-3340
    >
    * CVE-2013-3341
    >
    * CVE-2013-3342
    >

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-acroread-7734

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Desktop 11 SP2 (noarch):
    • acroread-cmaps-9.4.6-0.4.3.2
    • acroread-fonts-ja-9.4.6-0.4.3.2
    • acroread-fonts-ko-9.4.6-0.4.3.2
    • acroread-fonts-zh_CN-9.4.6-0.4.3.2
    • acroread-fonts-zh_TW-9.4.6-0.4.3.2
    • SUSE Linux Enterprise Desktop 11 SP2 (i586) [New Version: 9.5.5]:
    • acroread-9.5.5-0.3.1
    • SUSE Linux Enterprise Desktop 10 SP4 (noarch) [New Version: 9.4.6]:
    • acroread-cmaps-9.4.6-0.6.63
    • acroread-fonts-ja-9.4.6-0.6.63
    • acroread-fonts-ko-9.4.6-0.6.63
    • acroread-fonts-zh_CN-9.4.6-0.6.63
    • acroread-fonts-zh_TW-9.4.6-0.6.63
    • SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 9.5.5]:
    • acroread-9.5.5-0.6.1

    References:

    • http://support.novell.com/security/cve/CVE-2013-2549.html
    • http://support.novell.com/security/cve/CVE-2013-2550.html
    • http://support.novell.com/security/cve/CVE-2013-2718.html
    • http://support.novell.com/security/cve/CVE-2013-2719.html
    • http://support.novell.com/security/cve/CVE-2013-2720.html
    • http://support.novell.com/security/cve/CVE-2013-2721.html
    • http://support.novell.com/security/cve/CVE-2013-2722.html
    • http://support.novell.com/security/cve/CVE-2013-2723.html
    • http://support.novell.com/security/cve/CVE-2013-2724.html
    • http://support.novell.com/security/cve/CVE-2013-2725.html
    • http://support.novell.com/security/cve/CVE-2013-2726.html
    • http://support.novell.com/security/cve/CVE-2013-2727.html
    • http://support.novell.com/security/cve/CVE-2013-2729.html
    • http://support.novell.com/security/cve/CVE-2013-2730.html
    • http://support.novell.com/security/cve/CVE-2013-2731.html
    • http://support.novell.com/security/cve/CVE-2013-2732.html
    • http://support.novell.com/security/cve/CVE-2013-2733.html
    • http://support.novell.com/security/cve/CVE-2013-2734.html
    • http://support.novell.com/security/cve/CVE-2013-2735.html
    • http://support.novell.com/security/cve/CVE-2013-2736.html
    • http://support.novell.com/security/cve/CVE-2013-2737.html
    • http://support.novell.com/security/cve/CVE-2013-3337.html
    • http://support.novell.com/security/cve/CVE-2013-3338.html
    • http://support.novell.com/security/cve/CVE-2013-3339.html
    • http://support.novell.com/security/cve/CVE-2013-3340.html
    • http://support.novell.com/security/cve/CVE-2013-3341.html
    • http://support.novell.com/security/cve/CVE-2013-3342.html
    • https://bugzilla.novell.com/819918
    • http://download.suse.com/patch/finder/?keywords=58cafced3fc6f05d61997a857a3e59ba
    • http://download.suse.com/patch/finder/?keywords=771b7d069a8e369062487e3b94acb033