Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Several input validation flaws were discovered in Adobe Reader. A malicious
PDF file could cause Adobe Reader to crash or, potentially, execute
arbitrary code as the user running Adobe Reader. (CVE-2008-2549,
CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)
The Adobe Reader binary had an insecure relative RPATH (runtime library
search path) set in the ELF (Executable and Linking Format) header. A local
attacker able to convince another user to run Adobe Reader in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-4815)
All acroread users are advised to upgrade to these updated packages, that
contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | acroread-plugin | < 8.1.3-1.el5 | acroread-plugin-8.1.3-1.el5.i386.rpm |
RedHat | 5 | i386 | acroread | < 8.1.3-1.el5 | acroread-8.1.3-1.el5.i386.rpm |