Adobe Reader 11.0.11/10.1.14

Van pdf-lezer Adobe Reader voor Windows en Mac zijn voor versie 10 (laatste versie voor Vista) en 11 de reguliere driemaandelijkse updates verschenen. Elk kwartaal brengt Adobe een nieuwe versie van zijn Reader uit. Deze keer is het een beveiligings- en onderhoudsupdate die 34 lekken dichtplakt. Verder worden nog tientallen fouten gerepareerd en optimalisaties doorgevoerd. Voor de nieuwe Adobe Acrobat Reader 2015 is voorzover bekend geen nieuwe versie uitgebracht.

De 34 beveiligingslekken die zijn gerepareerd, zijn ernstig en kunnen in het ergste geval ertoe leiden dat een aanvaller de controle over een computer op afstand overneemt. Verder zijn fouten op het gebied van pdf creatie, printen, beveiliging, formulieren, scans en meer opgelost. Ten slotte zijn de stabiliteit en prestaties van Adobe Reader 10 en 11 verbeterd. Details kun je hieronder nalezen.

Adobe Reader is te verkrijgen voor Windows en Mac OS X. Updaten gaat het makkelijkst met de ingebouwde update-functie van Adobe onder Help.

Uitgave opmerkingen:

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, CVE-2015-3075).

These updates resolve heap-based buffer overflow vulnerabilities that could lead to code execution (CVE-2014-9160).

These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-3048).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, 
CVE-2015-3057, CVE-2015-3070, CVE-2015-3076). 

These updates resolve a memory leak (CVE-2015-3058).  

These updates resolve various methods to bypass restrictions on Javascript API execution (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, 
CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, 
CVE-2015-3072, CVE-2015-3073, CVE-2015-3074).

These updates resolves a null-pointer dereference issue that could lead to a denial-of-service condition (CVE-2015-3047). 

These updates provide additional hardening to protect against CVE-2014-8452, a vulnerability in the handling of XML external entities that could lead to information disclosure. 

PDF creation

3688510: Links in excel file are not converted properly while creating its PDF.
3775740: Lotus Notes 9.0.1 gives overflow error when Acrobat pdfmaker 11.0.06 is installed.
3784788: Converting word document with PDF/A-1a settings changes the background color of image/logo.
3853699: PDFMaker creates wrong hierarchy of bookmarks.
3928949: Acrobat crashes on combining certain files.
3929617: The header section of a particular Word file is missing when the file is converted to PDF via PDFMaker.
3952917: Watermarks are not getting converted from Word to PDF with PDF/A-1a compliance.
3967774: When we convert a Word document that contains Image and Text in the Header, into PDF using PDF Maker, the text goes at the back of image or is hidden in the resultant PDF.
3967825: Graphic renders incorrectly when converting a word file to PDF.
3967845: A part of the Word document is not visible when creating the pdf.

SharePoint Integration

3811589: “Acrobat error Bad Parameter” is observed when trying to add a Digital ID pfx file from SharePoint server in Acrobat.

Forms

3679438: In a rich text field of a certain length with hyphenation activated text exceeds the field on the left if it’s a hyphenated word and a tab is inserted in that line of text.
3739811: FDF is not submitted until browser page is refreshed (F5) when using IE and Reader/Acrobat 11.0.6.

Actions and Batch

3779402: Encrypt Action gets skipped while applying them on XFA forms in Acrobat XI.

Security

3347254: The text of Japanese watermark added via LCRM became garbled characters in Reader on Mac.
3781478: Digitally signing the inner pdf doesn’t mark the file as “dirty”, so closing Acrobat doesn’t prompt for saving, and the Save menu item is disabled.
3923451: Acrobat blocks using national hashing algorithms in third-party DigSig plugins.
3934339: Signature Advanced Properties does not display the Hash Algorithm.
3949115: The revocationTime Entry in an OCSP Response is not Being Processed Correctly.
3954774: Dig Sig Validation is slowed down due to Address Book Size.

Scan

3839426: Recognize Text with Clearscan halts when renderable text is found.
3860498: Scanning options are not appearing in ICA window.

PrePress

3782274: Spot color swatches in Ink Manager display incorrectly on Mac OS.

Livecycle

3841688: Reader was not handling error responses in SOAP requests.
3856876: Some of the users are not able to open policy protected PDFs with SSO.
3859806: If the title of the First Capture button is long for a BIOMETRIC scanning, then the text in the button gets truncated.

Printing

3843533: Printing a file from Adobe PDF Printer, doesn’t prompt for file name and creates a .tmp file instead.

Miscellaneous

3701410: Some Button events on an interactive PDF do not work in full screen mode.
3772833: A PDF file that contains a PDF page embedded as an XObject of type EmbeddedFile crashes in Adobe Reader 11.0.6 and Acrobat Pro 11.
3860951: With PV On, Sendmail adds a tmp (or other non-PDF) attachment.
3939577: Adobe Acrobat/Reader XI does not show full-screen when rotate operation(90/270) is performed on Lenovo Ideapad Yoga 13.
3940908: Acrobat/Reader window goes blank on clicking “Open” button for certain languages.
3945503: When opening pdfs on Terminal Server 2003 relatively small pdfs (78kb) take 12+ seconds to open.
3948504: Acrobat hangs when document with bad Bookmarks is opened.
3960792: Acrobat becomes unresponsive with a digitizer pen if turning off flicks and ‘press and hold’ setting in Pen and Touch in Control Panel.