SuSE Update for acroread SUSE-SA:2008:009

Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
This version update to 8.1.2 fixes numerous bugs, including some security problems. While Adobe did not publish any details about those problems yet, third parties have listed some. The official Adobe page is: http://www.adobe.com/support/security/advisories/apsa08-01.html CVE-2008-0655: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. CVE-2008-0667: The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. CVE-2008-0726: Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. Packages for SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not yet available, since we cannot upgrade to Acrobat Reader 8 on those machines. As soon as a fixed Acrobat Reader 7 is released, they will receive updates.
Affected
acroread on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References