
CERT RENATER Advisories


Date : Thu, 16 Jun 2011 10:29:48 +0200
Type : VULN
Subject : CERT-Renater : 2011/VULN441 (Adobe : Security updates available for Adobe Reader and Acrobat)
====================================================================
                                   CERT-Renater

                        Information Note No. 2011/VULN441
_____________________________________________________________________

DATE                      : 16/06/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Adobe Reader versions X, 9, 8.

======================================================================
http://www.adobe.com/support/security/bulletins/apsb11-16.html
_______________________________________________________________________

Security updates available for Adobe Reader and Acrobat

   Release date: June 14, 2011
   Last updated: June 15, 2011

   Vulnerability identifier: APSB11-16

   CVE numbers: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096,
   CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100,
   CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104,
   CVE-2011-2105, CVE-2011-2106

   Platform: Windows and Macintosh

Summary

   Critical vulnerabilities have been identified in Adobe Reader X
   (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and
   earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and
   earlier versions for Windows and Macintosh. These vulnerabilities could
   cause the application to crash and potentially allow an attacker to
   take control of the affected system.

   These updates also incorporate the Adobe Flash Player updates as noted
   in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
   The update for Adobe Reader X (10.x) for Windows also incorporates the
   updates previously addressed in all other supported versions of Adobe
   Reader and Acrobat as noted in Security Bulletin APSB11-06 and
   Security Bulletin APSB11-08.

   Adobe recommends users of Adobe Reader X (10.0.3) and earlier versions
   for Windows and Macintosh update to Adobe Reader X (10.1). For users of
   Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who
   cannot update to Adobe Reader X (10.1), Adobe has made available
   updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends
   users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to
   Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4
   and earlier versions for Windows and Macintosh update to Adobe Acrobat
   9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for
   Windows and Macintosh update to Adobe Acrobat 8.3.

   The next quarterly security updates for Adobe Reader and Acrobat are
   currently scheduled for September 13, 2011.

Affected software versions

     * Adobe Reader X (10.0.1) and earlier 10.x versions for Windows
     * Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh
     * Adobe Reader 9.4.4 and earlier 9.x versions for Windows and
       Macintosh
     * Adobe Reader 8.2.6 and earlier 8.x versions for Windows and
       Macintosh
     * Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and
       Macintosh
     * Adobe Acrobat 9.4.4 and earlier 9.x versions for Windows and
       Macintosh
     * Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and
       Macintosh
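
   Added example (not part of the Adobe bulletin or the CERT-Renater note):
   a Python triage function that classifies an installed Reader or Acrobat
   version against the affected ranges and fixed releases listed in this
   bulletin. The function names, status labels and the sample inventory are
   constructed for illustration.

```python
import re

# Last affected version per platform and fixed release, per (product, branch),
# copied from the bulletin's "Affected software versions" and "Summary" text.
RANGES = {
    ("reader", 10): ({"windows": "10.0.1", "macintosh": "10.0.3"}, "10.1"),
    ("reader", 9): ({"windows": "9.4.4", "macintosh": "9.4.4"}, "9.4.5"),
    ("reader", 8): ({"windows": "8.2.6", "macintosh": "8.2.6"}, "8.3"),
    ("acrobat", 10): ({"windows": "10.0.3", "macintosh": "10.0.3"}, "10.1"),
    ("acrobat", 9): ({"windows": "9.4.4", "macintosh": "9.4.4"}, "9.4.5"),
    ("acrobat", 8): ({"windows": "8.2.6", "macintosh": "8.2.6"}, "8.3"),
}

def parse_version(text):
    """'10.0.1.434' -> (10, 0, 1); '8.3' -> (8, 3, 0). Build numbers are dropped."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def scoped_cves(branch, platform):
    """CVEs that the bulletin restricts to one branch or one platform."""
    cves = []
    if branch == 10:
        cves.append("CVE-2011-2102")  # "Reader and Acrobat X (10.x) only"
    if branch == 8:
        cves.append("CVE-2011-2103")  # "Affects 8.x versions only"
    if platform == "macintosh":
        cves.append("CVE-2011-2106")  # "Macintosh only"
    return cves

def triage(product, platform, version):
    """Return (status, fixed_release, scoped_cves) for one installation."""
    v, platform = parse_version(version), platform.lower()
    last_by_platform, fixed = RANGES.get((product.lower(), v[0]), ({}, None))
    if platform not in last_by_platform:
        return ("not-covered", None, [])   # branch or platform not in bulletin
    if v >= parse_version(fixed):
        return ("patched", fixed, [])
    if v <= parse_version(last_by_platform[platform]):
        return ("affected", fixed, scoped_cves(v[0], platform))
    return ("below-fixed-release", fixed, [])  # not listed, but older than the fix

# Constructed inventory rows (host, product, platform, version), for illustration.
INVENTORY = [("pc-01", "Reader", "Windows", "10.0.1"),
             ("mac-07", "Acrobat", "Macintosh", "8.2.6"),
             ("pc-12", "Reader", "Windows", "9.4.5")]

if __name__ == "__main__":
    for host, product, platform, version in INVENTORY:
        print(host, product, version, triage(product, platform, version))
```

   The "below-fixed-release" status covers versions the bulletin does not
   list as affected but that are still older than the fixed release.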

Solution

   Adobe recommends users update their software installations by following
   the instructions below:

   Adobe Reader
   Users can utilize the product's update mechanism. The default
   configuration is set to run automatic update checks on a regular
   schedule. Update checks can be manually activated by choosing Help >
   Check for Updates.

   Adobe Reader users on Windows can also find the appropriate update
   here:
   http://www.adobe.com/support/downloads/product.jsp?product&platform=Windows.

   Adobe Reader users on Macintosh can also find the appropriate update
   here:
   http://www.adobe.com/support/downloads/product.jsp?product&platform=Macintosh.

   Adobe Acrobat
   Users can utilize the product's update mechanism. The default
   configuration is set to run automatic update checks on a regular
   schedule. Update checks can be manually activated by choosing Help >
   Check for Updates.

   Acrobat Standard and Pro users on Windows can also find the appropriate
   update here:
   http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

   Acrobat Pro Extended users on Windows can also find the appropriate
   update here:
   http://www.adobe.com/support/downloads/product.jsp?product8&platform=Windows.

   Acrobat 3D users on Windows can also find the appropriate update here:
   http://www.adobe.com/support/downloads/product.jsp?product2&platform=Windows.

   Acrobat Pro users on Macintosh can also find the appropriate update
   here:
   http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Severity rating

   Adobe categorizes these as critical updates and recommends that
   users apply the latest updates for their product installations by
   following the instructions in the "Solution" section above.

Details

   Critical vulnerabilities have been identified in Adobe Reader X
   (10.0.1) and earlier versions for Windows, Adobe Reader X (10.0.3) and
   earlier versions for Macintosh, and Adobe Acrobat X (10.0.3) and
   earlier versions for Windows and Macintosh. These vulnerabilities could
   cause the application to crash and potentially allow an attacker to
   take control of the affected system.

   Adobe recommends users of Adobe Reader X (10.x) and earlier versions
   for Windows and Macintosh update to Adobe Reader X (10.1). For users of
   Adobe Reader 9.4.4 and earlier versions for Windows and Macintosh, who
   cannot update to Adobe Reader X (10.1), Adobe has made available
   updates, Adobe Reader 9.4.5 and Adobe Reader 8.3. Adobe recommends
   users of Adobe Acrobat X (10.0.3) for Windows and Macintosh update to
   Adobe Acrobat X (10.1). Adobe recommends users of Adobe Acrobat 9.4.4
   and earlier versions for Windows and Macintosh update to Adobe Acrobat
   9.4.5, and users of Adobe Acrobat 8.2.6 and earlier versions for
   Windows and Macintosh update to Adobe Acrobat 8.3.

   These updates resolve a buffer overflow vulnerability that could lead
   to code execution (CVE-2011-2094).

   These updates resolve a buffer overflow vulnerability that could lead
   to code execution (CVE-2011-2095).

   These updates resolve a heap overflow vulnerability that could lead to
   code execution (CVE-2011-2096).

   These updates resolve a buffer overflow vulnerability that could lead
   to code execution (CVE-2011-2097).

   These updates resolve a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2098).

   These updates resolve a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2099).

   These updates resolve a DLL loading vulnerability that could lead to
   code execution (CVE-2011-2100).

   These updates resolve a cross document script execution vulnerability
   that could lead to code execution (CVE-2011-2101).

   These updates resolve a security bypass vulnerability (CVE-2011-2102).
   Note: Update is for Adobe Reader and Acrobat X (10.x) only.

   These updates resolve a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2103).
   Note: Affects 8.x versions only.

   These updates resolve a memory corruption denial of service
   (CVE-2011-2104).

   These updates resolve a memory corruption (CVE-2011-2105).

   These updates resolve a memory corruption vulnerability that could lead
   to code execution (Macintosh only) (CVE-2011-2106).

   These updates also incorporate the Adobe Flash Player update as noted
   in Security Bulletin APSB11-12 and Security Bulletin APSB11-13.
   The update for Adobe Reader X (10.x) for Windows also incorporates the
   updates previously addressed in all other supported versions of Adobe
   Reader and Acrobat as noted in Security Bulletin APSB11-06 and
   Security Bulletin APSB11-08.

   The next quarterly security updates for Adobe Reader and Acrobat are
   currently scheduled for September 13, 2011.

Acknowledgements

   Adobe would like to thank the following individuals and organizations
   for reporting the relevant issues and for working with Adobe to help
   protect our customers:
     * An anonymous reporter through TippingPoint's Zero Day
       Initiative (CVE-2011-2094)
     * An anonymous reporter through TippingPoint's Zero Day
       Initiative (CVE-2011-2095)
     * Tarjei Mandt of Norman (CVE-2011-2096, CVE-2011-2099)
     * Secunia Research (CVE-2011-2097)
     * Rodrigo Rubira Branco (CVE-2011-2098)
     * Mila Parkour (CVE-2011-2100)
     * Billy Rios from the Google Security Team (CVE-2011-2101)
     * Christian Navarrete of IntruDefense Labs (CVE-2011-2102)
     * Tavis Ormandy of the Google Security Team (CVE-2011-2103)
     * Brett Gervasoni of Sense of Security (CVE-2011-2104)
     * Will Dormann of CERT (CVE-2011-2105)
     * James Quirk of Los Alamos, New Mexico (CVE-2011-2106)

Revisions

   June 15, 2011 - Updated with Adobe Reader X (10.x) for Windows
   information.
   June 14, 2011 - Bulletin released.

   Copyright 2011 Adobe Systems Incorporated. All rights reserved.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
