- Vulnerability/
- RHSA-2010:0037
RHSA-2010:0037: Critical: acroread security and bug fix update
First published: Wed Jan 13 2010(Updated: )
Adobe Reader allows users to view and print documents in Portable Document<br>Format (PDF).<br>This update fixes several vulnerabilities in Adobe Reader. These<br>vulnerabilities are summarized on the Adobe Security Advisory APSB10-02<br>page listed in the References section. A specially-crafted PDF file could<br>cause Adobe Reader to crash or, potentially, execute arbitrary code as the<br>user running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,<br>CVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)<br>This update also fixes the following bugs:<br><li> the acroread process continued to run even after closing a PDF file. If</li> multiple PDF files were opened and then closed, the acroread processes<br>continued to run and consume system resources (up to 100% CPU usage). With<br>this update, the acroread process correctly exits, which resolves this<br>issue. (BZ#473217)<br><li> the PPKLite.api plug-in was missing, causing Adobe Reader to crash when</li> attempting to open signed PDF files. For such files, if an immediate crash<br>was not observed, clicking on the Signature Panel could trigger one. With<br>this update, the PPKLite.api plug-in is included, which resolves this<br>issue. (BZ#472975)<br><li> Adobe Reader has been upgraded to version 9.3. (BZ#497957)</li> Adobe have discontinued support for Adobe Reader 8 for Linux. All users of<br>Adobe Reader are advised to install these updated packages, which contain<br>Adobe Reader version 9.3, which is not vulnerable to these issues and fixes<br>these bugs. All running instances of Adobe Reader must be restarted for the<br>update to take effect.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/acroread | <9.3-1.el5 | 9.3-1.el5 |
| redhat/acroread-plugin | <9.3-1.el5 | 9.3-1.el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=472975
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473217
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=547799
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=554293
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=554296
- http://www.redhat.com/security/updates/classification/#critical
- http://www.adobe.com/support/security/bulletins/apsb10-02.html
- https://access.redhat.com/errata/RHSA-2010:0037 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2010:0037?
RHSA-2010:0037 addresses critical vulnerabilities in Adobe Reader that could potentially allow remote code execution.
How do I fix RHSA-2010:0037?
To fix RHSA-2010:0037, update Adobe Reader to the latest version by applying the security patches provided in the advisory.
What software is affected by RHSA-2010:0037?
The affected software for RHSA-2010:0037 includes Adobe Reader version 9.3-1.el5 and the acroread-plugin version 9.3-1.el5.
What vulnerabilities are included in RHSA-2010:0037?
RHSA-2010:0037 includes multiple vulnerabilities that allow for potential exploitation, as summarized in the Adobe Security Advisory APSB10-02.
Is there a workaround for RHSA-2010:0037?
There are no recommended workarounds for RHSA-2010:0037; applying the updates is the only solution.
- agent/references
- agent/severity
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0037
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat