SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3638 / 3639)
High Nessus Plugin ID 51087
SynopsisThe remote SuSE 11 host is missing a security update.
DescriptionThis update of acroread fixes two critical vulnerabilities. The first one in referenced by CVE-2010-3654 and exists in the integrated authplay component that may allow remote attackers to take control over a victims system.
(CVE-2010-3654: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119))
The other issue was disclosed on full-disclosure to demonstrate a denial of service attack, an extend of this attack to execute arbitrary code could be possible.
(CVE-2010-4091: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119))
SolutionApply SAT patch number 3638 / 3639 as appropriate.