Adobe Out-of-Band Patches, was Re: Quarantining
Tom Buskey
tom at buskey.name
Sat Aug 21 07:39:20 EDT 2010
Luckily, Acrobat Reader isn't the only way to read PDFs. The PDF spec is
open (enough?) so others can write readers.
On Unixen we have evince, xpdf and even ghostscript. On Windows, I've used
Foxit. MacOSX has DisplayPDF and its own viewer. Of course, Foxit and
MacOSX have had recent vulnerabilities too. But at least they're different
from Acrobat.
On Fri, Aug 20, 2010 at 7:58 PM, Ted Roche <tedroche at tedroche.com> wrote:
> Just to fan the fires,
>
> --Adobe Releases Out-of-Cycle Updates for Reader and Acrobat
> (August 17 & 18, 2010)
> Adobe has issued out of-cycle updates for Reader and Acrobat to address
> vulnerabilities disclosed last month at the Black Hat Conference in Las
> Vegas. Users should upgrade to Adobe Reader 9.3.34 for Windows, Mac and
> Unix; Adobe Acrobat 9.3.4 for Windows and Mac; Adobe Reader and Acrobat
> 8.2.4 (cross-platform). Although Adobe was not scheduled to release
> security updates until October 12, 2010, the company decided these
> vulnerabilities were too critical to wait that long.
> http://www.theregister.co.uk/2010/08/18/adobe_out_of_band_security_update/
>
> http://www.computerworld.com/s/article/9180959/Adobe_rushes_update_to_patch_critical_Reader_bugs?taxonomyId=82
> http://www.adobe.com/support/security/bulletins/apsb10-17.html
>
> Thanks to the SANS newsletter, who say:
>
> Please feel free to share this with interested parties via email, but
> no posting is allowed on web sites. For a free subscription, (and for
> free posters) or to update a current subscription, visit
> http://portal.sans.org/
>
> (And I've heard reports from at least two users who updated Acrobat and now
> are unable to get the application to run, so caveat emptor: plan for some
> backups/snapshots/restore points before you "update")
>
> --
>
> Ted Roche
> Ted Roche & Associates, LLC
> http://www.tedroche.com
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20100821/2ea126a2/attachment.html
More information about the gnhlug-discuss
mailing list