SuSE 11.2 Security Update : Acrobat Reader (SAT Patch Number 7734)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

Acrobat Reader has been updated to version 9.5.5.

The Adobe Advisory can be found at:
https://www.adobe.com/support/security/bulletins/apsb13-15.html

These updates resolve :

- memory corruption vulnerabilities that could lead to
code execution. (CVE-2013-2718 / CVE-2013-2719 /
CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 /
CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 /
CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 /
CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 /
CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 /
CVE-2013-3341)

- an integer underflow vulnerability that could lead to
code execution. (CVE-2013-2549)

- a use-after-free vulnerability that could lead to a
bypass of Adobe Reader's sandbox protection.
(CVE-2013-2550)

- an information leakage issue involving a JavaScript API.
(CVE-2013-2737)

- a stack overflow vulnerability that could lead to code
execution. (CVE-2013-2724)

- buffer overflow vulnerabilities that could lead to code
execution. (CVE-2013-2730 / CVE-2013-2733)

- integer overflow vulnerabilities that could lead to code
execution. (CVE-2013-2727 / CVE-2013-2729)

- a flaw in the way Reader handles domains that have been
blacklisted in the operating system. (CVE-2013-3342)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=819918
http://support.novell.com/security/cve/CVE-2013-2549.html
http://support.novell.com/security/cve/CVE-2013-2550.html
http://support.novell.com/security/cve/CVE-2013-2718.html
http://support.novell.com/security/cve/CVE-2013-2719.html
http://support.novell.com/security/cve/CVE-2013-2720.html
http://support.novell.com/security/cve/CVE-2013-2721.html
http://support.novell.com/security/cve/CVE-2013-2722.html
http://support.novell.com/security/cve/CVE-2013-2723.html
http://support.novell.com/security/cve/CVE-2013-2724.html
http://support.novell.com/security/cve/CVE-2013-2725.html
http://support.novell.com/security/cve/CVE-2013-2726.html
http://support.novell.com/security/cve/CVE-2013-2727.html
http://support.novell.com/security/cve/CVE-2013-2729.html
http://support.novell.com/security/cve/CVE-2013-2730.html
http://support.novell.com/security/cve/CVE-2013-2731.html
http://support.novell.com/security/cve/CVE-2013-2732.html
http://support.novell.com/security/cve/CVE-2013-2733.html
http://support.novell.com/security/cve/CVE-2013-2734.html
http://support.novell.com/security/cve/CVE-2013-2735.html
http://support.novell.com/security/cve/CVE-2013-2736.html
http://support.novell.com/security/cve/CVE-2013-2737.html
http://support.novell.com/security/cve/CVE-2013-3337.html
http://support.novell.com/security/cve/CVE-2013-3338.html
http://support.novell.com/security/cve/CVE-2013-3339.html
http://support.novell.com/security/cve/CVE-2013-3340.html
http://support.novell.com/security/cve/CVE-2013-3341.html
http://support.novell.com/security/cve/CVE-2013-3342.html

Solution :

Apply SAT patch number 7734.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true