openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Specially crafted PDF documents could crash acroread or lead to
execution of arbitrary code. acroread was updated to version 9.4.2 to
address the issues.

(CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565,
CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585,
CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589,
CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593,
CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598,
CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603,
CVE-2011-0604, CVE-2011-0606, CVE-2011-0558, CVE-2011-0559,
CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572,
CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577,
CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)

See also :

http://lists.opensuse.org/opensuse-updates/2011-03/msg00003.html
https://bugzilla.novell.com/show_bug.cgi?id=669550

Solution :

Update the affected acroread package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true