rhsa-2008_0641
Vulnerability from csaf_redhat
Published
2008-07-21 13:44
Modified
2024-11-14 10:06
Summary
Red Hat Security Advisory: acroread security update
Notes
Topic
Updated acroread packages that fix various security issues are now
available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Adobe Acrobat Reader allows users to view and print documents in Portable
Document Format (PDF).
An input validation flaw was discovered in a JavaScript engine used by
Acrobat Reader. A malicious PDF file could cause Acrobat Reader to crash
or, potentially, execute arbitrary code as the user running Acrobat Reader.
(CVE-2008-2641)
An insecure temporary file usage issue was discovered in the Acrobat Reader
"acroread" startup script. A local attacker could potentially overwrite
arbitrary files that were writable by the user running Acrobat Reader, if
the victim ran "acroread" with certain command line arguments.
(CVE-2008-0883)
All acroread users are advised to upgrade to these updated packages, that
contain Acrobat Reader version 8.1.2 Security Update 1, and are not
vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Acrobat Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\n(CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\n\"acroread\" startup script. A local attacker could potentially overwrite\narbitrary files that were writable by the user running Acrobat Reader, if\nthe victim ran \"acroread\" with certain command line arguments.\n(CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages, that\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\nvulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0641",
"url": "https://access.redhat.com/errata/RHSA-2008:0641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "436263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
},
{
"category": "external",
"summary": "452632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0641.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:06:26+00:00",
"generator": {
"date": "2024-11-14T10:06:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2008:0641",
"initial_release_date": "2008-07-21T13:44:00+00:00",
"revision_history": [
{
"date": "2008-07-21T13:44:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-07-21T09:44:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:06:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 4 Extras",
"product": {
"name": "Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:5::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"product": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"product_id": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.2.SU1-2.el4.i386",
"product": {
"name": "acroread-0:8.1.2.SU1-2.el4.i386",
"product_id": "acroread-0:8.1.2.SU1-2.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"product": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"product_id": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.2.SU1-2.el5.i386",
"product": {
"name": "acroread-0:8.1.2.SU1-2.el5.i386",
"product_id": "acroread-0:8.1.2.SU1-2.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2.el5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-0:8.1.2.SU1-2.i386",
"product": {
"name": "acroread-0:8.1.2.SU1-2.i386",
"product_id": "acroread-0:8.1.2.SU1-2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread@8.1.2.SU1-2?arch=i386"
}
}
},
{
"category": "product_version",
"name": "acroread-plugin-0:8.1.2.SU1-2.i386",
"product": {
"name": "acroread-plugin-0:8.1.2.SU1-2.i386",
"product_id": "acroread-plugin-0:8.1.2.SU1-2.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-plugin@8.1.2.SU1-2?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.i386",
"relates_to_product_reference": "3WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras",
"product_id": "4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Desktop version 4 Extras",
"product_id": "4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras",
"product_id": "4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras",
"product_id": "4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"relates_to_product_reference": "4WS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
"product_id": "5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"relates_to_product_reference": "5Client-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386"
},
"product_reference": "acroread-0:8.1.2.SU1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-plugin-0:8.1.2.SU1-2.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
"product_id": "5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
},
"product_reference": "acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"relates_to_product_reference": "5Server-Supplementary"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-0883",
"discovery_date": "2008-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "436263"
}
],
"notes": [
{
"category": "description",
"text": "acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: insecure handling of temporary files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0883"
},
{
"category": "external",
"summary": "RHBZ#436263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=436263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0883",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0883"
}
],
"release_date": "2008-02-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-07-21T13:44:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0641"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "acroread: insecure handling of temporary files"
},
{
"cve": "CVE-2008-2641",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2008-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "452632"
}
],
"notes": [
{
"category": "description",
"text": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: input validation issue in a JavaScript method",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2641"
},
{
"category": "external",
"summary": "RHBZ#452632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=452632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2641",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2641"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2641"
}
],
"release_date": "2008-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-07-21T13:44:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"3AS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3AS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-0:8.1.2.SU1-2.i386",
"3Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-0:8.1.2.SU1-2.i386",
"3ES-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-0:8.1.2.SU1-2.i386",
"3WS-LACD:acroread-plugin-0:8.1.2.SU1-2.i386",
"4AS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4AS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4Desktop-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4ES-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-0:8.1.2.SU1-2.el4.i386",
"4WS-LACD:acroread-plugin-0:8.1.2.SU1-2.el4.i386",
"5Client-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Client-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-0:8.1.2.SU1-2.el5.i386",
"5Server-Supplementary:acroread-plugin-0:8.1.2.SU1-2.el5.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0641"
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: input validation issue in a JavaScript method"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.