Adobe Reader 8.1.2

Security Announcement

Date: Mon, 18 Feb 2008 17:44:23 +0100 From: Marcus Meissner <meissner@suse.de> To: opensuse-security-announce@opensuse.org Subject: [security-announce] SUSE Security Announcement: Acrobat Reader (SUSE-SA:2008:009) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: acroread Announcement ID: SUSE-SA:2008:009 Date: Mon, 18 Feb 2008 17:00:00 +0000 Affected Products: SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2008-0655 , CVE-2008-0667 , CVE-2008-0726 APSA08-01 Content of This Advisory: 1) Security Vulnerability Resolved: Acrobat Reader Security problems Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion This version update to 8.1.2 fixes numerous bugs, including some security problems. While Adobe did not publish any details about those problems yet, third parties have listed some. The official Adobe page is: http://www.adobe.com/support/security/advisories/apsa08-01.html CVE-2008-0655 : Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. CVE-2008-0667 : The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document.

Group Policy, Fundamentals, Security, and the Managed Desktop

PC world