N/A - RHSA-2013:1402

Executive Summary

Summary
Title	Adobe Reader - notification of end of updates

Informations
Name	RHSA-2013:1402	First vendor Publication	2013-10-02
Vendor	RedHat	Last vendor Modification	2013-10-02
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	Not Defined	Attack Range	Not Defined
Cvss Impact Score	Not Defined	Attack Complexity	Not Defined
Cvss Expoit Score	Not Defined	Authentication	Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated acroread packages that disable the Adobe Reader web browser plug-in are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux.

The Adobe Reader packages in the Red Hat Network (RHN) channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to the Adobe Reader packages.

This update disables the Adobe Reader web browser plug-in, which is available via the acroread-plugin package, to prevent the exploitation of security issues without user interaction when a user visits a malicious web page.

4. Solution:

Red Hat advises users to reconsider further use of Adobe Reader for Linux, as it may contain known, unpatched security issues. Alternative PDF rendering software, such as Evince and KPDF (part of the kdegraphics package) in Red Hat Enterprise Linux 5, or Evince and Okular (part of the kdegraphics package) in Red Hat Enterprise Linux 6, should be considered. These packages will continue to receive security fixes.

Red Hat will no longer provide security updates to these packages and recommends that customers not use this application on Red Hat Enterprise Linux effective immediately.

5. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386: acroread-9.5.5-2.el5_10.i386.rpm acroread-plugin-9.5.5-2.el5_10.i386.rpm

x86_64: acroread-9.5.5-2.el5_10.i386.rpm acroread-plugin-9.5.5-2.el5_10.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386: acroread-9.5.5-2.el5_10.i386.rpm acroread-plugin-9.5.5-2.el5_10.i386.rpm

x86_64: acroread-9.5.5-2.el5_10.i386.rpm acroread-plugin-9.5.5-2.el5_10.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

x86_64: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

x86_64: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

x86_64: acroread-9.5.5-1.el6_4.1.i686.rpm acroread-plugin-9.5.5-1.el6_4.1.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package