
CERT RENATER Advisories


Date : Wed, 14 Oct 2015 18:07:47 +0200
Type : VULN
Subject : CERT-Renater : 2015/VULN217 (Adobe : Security Updates Available for Adobe Acrobat and Reader)
===================================================================
                                      CERT-Renater

                          Information Note No. 2015/VULN217
_____________________________________________________________________

DATE                : 14/10/2015

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Acrobat, Adobe Reader
                     versions prior to 10.1.16, 11.0.13, 2015.006.30094,
                     2015.009.20069.

======================================================================
https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
_____________________________________________________________________

Security Updates Available for Adobe Acrobat and Reader

Release date: October 13, 2015

Vulnerability identifier: APSB15-24

Priority: See table below

CVE Numbers: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683,
CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687,
CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691,
CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695,
CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699,
CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703,
CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707,
CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711,
CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715,
CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719,
CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723,
CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, 
CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619,
CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623,
CVE-2015-7624


Platform: Windows and Macintosh

Summary

Adobe has released security updates for Adobe Acrobat and Reader for
Windows and Macintosh. These updates address critical vulnerabilities
that could potentially allow an attacker to take control of the
affected system.


Affected Versions

Product            Track       Affected Versions                    Platform

Acrobat DC         Continuous  2015.008.20082 and earlier versions  Windows and Macintosh
Acrobat Reader DC  Continuous  2015.008.20082 and earlier versions  Windows and Macintosh
Acrobat DC         Classic     2015.006.30060 and earlier versions  Windows and Macintosh
Acrobat Reader DC  Classic     2015.006.30060 and earlier versions  Windows and Macintosh
Acrobat XI         Desktop     11.0.12 and earlier versions         Windows and Macintosh
Reader XI          Desktop     11.0.12 and earlier versions         Windows and Macintosh
Acrobat X          Desktop     10.1.15 and earlier versions         Windows and Macintosh
Reader X           Desktop     10.1.15 and earlier versions         Windows and Macintosh


For questions regarding Acrobat DC, please visit the Acrobat DC FAQ
page. For questions regarding Acrobat Reader DC, please visit the
Acrobat Reader DC FAQ page.


Solution

Adobe recommends users update their software installations to the
latest versions by following the instructions below.

The latest product versions are available to end users via one of the
following methods:

Users can update their product installations manually by choosing Help
  > Check for Updates.

The products will update automatically, without requiring user
intervention, when updates are detected.

The full Acrobat Reader installer can be downloaded from the Acrobat
Reader Download Center.

For IT administrators (managed environments):

Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/,
or refer to the specific release note version for links to installers.

Install updates via your preferred methodology, such as AIP-GPO,
bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote
Desktop and SSH.


Product            Track       Updated Versions  Platform               Priority Rating  Availability

Acrobat DC         Continuous  2015.009.20069    Windows and Macintosh  2                Windows Macintosh
Acrobat Reader DC  Continuous  2015.009.20069    Windows and Macintosh  2                Download Center
Acrobat DC         Classic     2015.006.30094    Windows and Macintosh  2                Windows Macintosh
Acrobat Reader DC  Classic     2015.006.30094    Windows and Macintosh  2                Windows Macintosh
Acrobat XI         Desktop     11.0.13           Windows and Macintosh  2                Windows Macintosh
Reader XI          Desktop     11.0.13           Windows and Macintosh  2                Windows Macintosh
Acrobat X          Desktop     10.1.16           Windows and Macintosh  2                Windows Macintosh
Reader X           Desktop     10.1.16           Windows and Macintosh  2                Windows Macintosh
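
For managed environments, the updated-versions table above can be turned into an inventory check. The following is an added example, not part of the Adobe or CERT-Renater text: a Python audit that flags installations older than the fixed build for their product family and track. The CSV layout (host, product, track, version) and the host names are constructed assumptions.

```python
import csv
import io

# Fixed builds from the advisory's "Updated Versions" table (APSB15-24).
# Acrobat and Reader share one fixed build per product family and track.
FIXED = {
    ("DC", "Continuous"): (2015, 9, 20069),
    ("DC", "Classic"): (2015, 6, 30094),
    ("XI", "Desktop"): (11, 0, 13),
    ("X", "Desktop"): (10, 1, 16),
}

# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = """host,product,track,version
ws-001,Acrobat Reader DC,Continuous,2015.008.20082
ws-002,Acrobat DC,Classic,2015.006.30094
ws-003,Reader X,Desktop,10.1.9
ws-004,Acrobat XI,Desktop,11.0.13
mac-005,Reader XI,Desktop,11.0.12
ws-006,Acrobat Reader DC,Continuous,unknown
"""

def parse_version(text):
    """'2015.008.20082' -> (2015, 8, 20082); ValueError if malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return (host, status) pairs: 'vulnerable', 'patched' or 'review'."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        words = (row.get("product") or "").split()
        family = words[-1].upper() if words else ""
        track = (row.get("track") or "").strip().title()
        try:
            fixed = FIXED[(family, track)]          # KeyError: unknown product/track
            installed = parse_version(row.get("version"))
        except (KeyError, ValueError):
            status = "review"                       # never silently treat as patched
        else:
            # Integer tuples compare numerically; as strings "10.1.9" > "10.1.16".
            status = "vulnerable" if installed < fixed else "patched"
        results.append((row.get("host"), status))
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {status}")
```

Rows that cannot be evaluated are reported as `review` so that an unparsed version is never counted as patched.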


Vulnerability Details

These updates resolve a buffer overflow vulnerability that could lead
to information disclosure (CVE-2015-6692).

These updates resolve use-after-free vulnerabilities that could lead to
code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690,
CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684,
CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).

These updates resolve heap buffer overflow vulnerabilities that could
lead to code execution (CVE-2015-6696, CVE-2015-6698).

These updates resolve memory corruption vulnerabilities that could lead
to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694,
CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).

These updates resolve memory leak vulnerabilities (CVE-2015-6699,
CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703,
CVE-2015-6704, CVE-2015-6697).

These updates resolve security bypass vulnerabilities that could lead
to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706,
CVE-2015-7624).

These updates resolve various methods to bypass restrictions on
Javascript API execution (CVE-2015-6707, CVE-2015-6708, CVE-2015-6709,
CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614,
CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718,
CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722,
CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618,
CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713,
CVE-2015-6714, CVE-2015-6715).


Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

AbdulAziz Hariri of HP Zero Day Initiative (CVE-2015-6708,
CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712,
CVE-2015-7614, CVE-2015-7616, CVE-2015-6689, CVE-2015-6688,
CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6697,
CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695,
CVE-2015-6707)

AbdulAziz Hariri and Jasiel Spelman of HP Zero Day Initiative
(CVE-2015-5583, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701,
CVE-2015-6702, CVE-2015-6703, CVE-2015-6704)

Alex Inführ of Cure53.de (CVE-2015-6705, CVE-2015-6706)

Bill Finlayson of Vectra Networks (CVE-2015-6687)

bilou working with VeriSign iDefense Labs (CVE-2015-6684)

Brian Gorenc of HP Zero Day Initiative (CVE-2015-6686)

Francis Provencher from COSIG (CVE-2015-7622)

Jaanus Kääp of Clarified Security working with HP's Zero Day Initiative
(CVE-2015-6696, CVE-2015-6698)

Jack Tang of TrendMicro (CVE-2015-6692)

James Loureiro of MWR Labs (CVE-2015-6691)

Joel Brewer (CVE-2015-7624)

kdot working with HP's Zero Day Initiative (CVE-2015-7621)

Matt Molinyawe and Jasiel Spelman of HP's Zero Day Initiative
(CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719,
CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723,
CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619,
CVE-2015-7620)

Matt Molinyawe of HP Zero Day Initiative (CVE-2015-7623)

WanderingGlitch of HP's Zero Day Initiative (CVE-2015-6713,
CVE-2015-6714, CVE-2015-6715)

Wei Lei and Wu Hongjun of Nanyang Technological University
(CVE-2015-5586)

Wei Lei, as well as Wu Hongjun of Nanyang Technological University
working with Verisign iDefense Labs (CVE-2015-6683)

AbdulAziz Hariri and Jasiel Spelman of HP Zero Day Initiative for
defense-in-depth contributions


=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
