lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Aug 2012 20:15:16 +0200 From: Mateusz Jurczyk <j00ru.vx@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: New Adobe Reader fixes some, but not all known bugs Hey, We’ve been recently working on PDF fuzzing, and consequently found around 60 unique crashes in Adobe Reader (40 of which looked potentially exploitable), which we reported to Adobe. Today Adobe has released an update for Adobe Reader Windows and OS X (no Linux update available yet) with most, but not all vulnerabilities patched. Since we were informed that the vendor was not planning to release an out-of-band update anytime soon, and Adobe Reader for Linux users are left behind with no update at all (patch-diffing anyone?), not even a sandbox to mitigate the vulnerabilities, we decided to release a note discussing the issues and possible mitigations. You can read the note on either of our blogs: http://gynvael.coldwind.pl/?id=483 http://j00ru.vexillium.org/?p=1175 Regards, -- Mateusz "j00ru" Jurczyk, Gynvael Coldwind _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists