Alert GCSA-19122 - Aggiornamento di sicurezza per prodotti Adobe
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-19122
Data: 12 Dicembre 2019
Titolo: Aggiornamenti di sicurezza per prodotti Adobe
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve numerose vulnerabilita' presenti nei prodotti Adobe Acrobat
e Reader (Windows and macOS), Photoshop (Windows and macOS), Brackets
(Windows, Linux e macOS), Coldfusion (tutte le piattaforme).
Per una descrizione completa della vulnerabilita' consultare
le segnalazioni ufficiali alla sezione "Riferimenti".
:: Software interessato
(macOS & windows) Acrobat DC e Acrobat Reader DC versioni precedenti
alla 2019.021.20058
(macOS & Windows) Acrobat 2017 e Acrobat Reader DC 2017 versioni
precedenti alla 2017.011.30156
(macOS & Windows) Acrobat DC Classic 2015 e Acrobat Reader DC (Classic
2015) versioni precedenti alla 2015.006.30508
(macOS & Windows) Adobe Phostoshop CC versioni precedenti alla 20.0.8 e
21.0.2
(Linux & macOS & Windows) Brackets versioni precedenti alla 1.14.1
(ALL) Coldfusion 2018 versioni precedenti alla Update 7
:: Impatto
Privilege escalation
Esecuzione remota di codice arbitrario
Esposizione informazioni sensibili
:: Soluzioni
Aggiornare i software alle ultime versioni.
E' possibile utilizzare la funzione di aggiornamento automatico.
Il controllo aggiornamenti puo' essere attivato manualmente
dal menu '?' scegliere l'opzione 'Ricerca aggiornamenti' .
:: Riferimenti
Adobe Security Bulletins
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html
https://helpx.adobe.com/security/products/acrobat/apsb19-56.html
https://helpx.adobe.com/security/products/acrobat/apsb19-57.html
https://helpx.adobe.com/security/products/acrobat/apsb19-58.html
US-CERT
https://www.us-cert.gov/ncas/current-activity/2019/12/10/adobe-releases-security-updates
CERT Nazionale
https://www.certnazionale.it/news/2019/12/11/aggiornamenti-di-sicurezza-per-acrobat-reader-photoshop-e-altri-prodotti-adobe/
CERT-PA
https://www.cert-pa.it/notizie/rilascio-aggiornamenti-di-sicurezza-microsoft-adobe-e-chrome-dicembre-2019/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8256
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXfI0wgAKCRDBnEyTZRJg
QttTAJ9Z7F/xe6qOpLIOJ+TWbRhCNhPUXACgrZwytCjaTLLqNOoJXD0BgHU2KOo=
=id2z
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-19122
Data: 12 Dicembre 2019
Titolo: Aggiornamenti di sicurezza per prodotti Adobe
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve numerose vulnerabilita' presenti nei prodotti Adobe Acrobat
e Reader (Windows and macOS), Photoshop (Windows and macOS), Brackets
(Windows, Linux e macOS), Coldfusion (tutte le piattaforme).
Per una descrizione completa della vulnerabilita' consultare
le segnalazioni ufficiali alla sezione "Riferimenti".
:: Software interessato
(macOS & windows) Acrobat DC e Acrobat Reader DC versioni precedenti
alla 2019.021.20058
(macOS & Windows) Acrobat 2017 e Acrobat Reader DC 2017 versioni
precedenti alla 2017.011.30156
(macOS & Windows) Acrobat DC Classic 2015 e Acrobat Reader DC (Classic
2015) versioni precedenti alla 2015.006.30508
(macOS & Windows) Adobe Phostoshop CC versioni precedenti alla 20.0.8 e
21.0.2
(Linux & macOS & Windows) Brackets versioni precedenti alla 1.14.1
(ALL) Coldfusion 2018 versioni precedenti alla Update 7
:: Impatto
Privilege escalation
Esecuzione remota di codice arbitrario
Esposizione informazioni sensibili
:: Soluzioni
Aggiornare i software alle ultime versioni.
E' possibile utilizzare la funzione di aggiornamento automatico.
Il controllo aggiornamenti puo' essere attivato manualmente
dal menu '?' scegliere l'opzione 'Ricerca aggiornamenti' .
:: Riferimenti
Adobe Security Bulletins
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html
https://helpx.adobe.com/security/products/acrobat/apsb19-56.html
https://helpx.adobe.com/security/products/acrobat/apsb19-57.html
https://helpx.adobe.com/security/products/acrobat/apsb19-58.html
US-CERT
https://www.us-cert.gov/ncas/current-activity/2019/12/10/adobe-releases-security-updates
CERT Nazionale
https://www.certnazionale.it/news/2019/12/11/aggiornamenti-di-sicurezza-per-acrobat-reader-photoshop-e-altri-prodotti-adobe/
CERT-PA
https://www.cert-pa.it/notizie/rilascio-aggiornamenti-di-sicurezza-microsoft-adobe-e-chrome-dicembre-2019/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8256
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXfI0wgAKCRDBnEyTZRJg
QttTAJ9Z7F/xe6qOpLIOJ+TWbRhCNhPUXACgrZwytCjaTLLqNOoJXD0BgHU2KOo=
=id2z
-----END PGP SIGNATURE-----