High Nessus Plugin ID 24421
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:041 (acroread).
Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8.
Adobe does not provide detailed information about the nature of the security problems. Therefore, it is necessary to assume that remote code execution is possible.
Adobe does not provide update packages for Acroread that are compatible with some of our releases from the past. Therefore, updates are missing (and might not be provided) for the products listed as follows.
As a solution to Adobe acroread security problems on older products we suggest removal of the package from exposed systems and to use the longer maintained open source PDF viewers.
- SUSE Linux Enterprise Server 9, Open Enterprise Server, Novell Linux POS 9
Acrobat Reader 7.0.8 has a new requirement on GTK+ 2.4 libraries (previously GTK+ 2.2).
Since the above products contain only GTK+ 2.2, the Acrobat Reader 7.0.8 provided by Adobe is currently not functional.
We have postponed the updates and wait for Adobe to clarify this problem.
- SUSE Linux Enterprise Server 8, SUSE Linux Enterprise Desktop 1
These versions only support Acrobat Reader 5 and could not be upgraded for Acrobat Reader 7 due to glibc and GTK+ requirements.
We discontinued security support for Acrobat Reader on those products some time ago already.
This issue is tracked by the Mitre CVE ID CVE-2006-3093.