===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.0862
         APSB23-12 : Security update available for Adobe InDesign
                             15 February 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe InDesign
Publisher:         Adobe
Operating System:  Windows
                   macOS
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-21593 CVE-2022-34248 CVE-2022-34247
                   CVE-2022-34246 CVE-2022-34245 CVE-2022-28851
                   CVE-2019-17221  

Original Bulletin: 
   https://helpx.adobe.com/security/products/indesign/apsb23-12.html

Comment: CVSS (Max):  5.5 CVE-2023-21593 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
         CVSS Source: Adobe
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Security Update Available for Adobe InDesign | APSB23-12

Bulletin ID         Date Published                       Priority

APSB23-12           February 14, 2023                    3


Summary

Adobe has released a security update for Adobe InDesign. This update addresses
an important vulnerability. Successful exploitation could lead to application
denial-of-service.


Affected versions

Product             Affected version                     Platform

Adobe InDesign      ID18.1 and earlier versions          Windows and macOS

Adobe InDesign      ID17.4 and earlier versions          Windows and macOS


Solution

Adobe categorizes these updates with the following priority rating and
recommends users update their software installations via the Creative Cloud
desktop app updater, or by navigating to the InDesign Help menu and clicking
"Updates." For more information, please reference this help page.

Product           Updated version     Platform              Priority rating

Adobe InDesign    ID18.2              Windows and macOS     3

Adobe InDesign    ID17.4.1            Windows and macOS     3


For managed environments, IT administrators can use the Creative Cloud Packager
to create deployment packages. Refer to this help page for more information.
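
A version triage for the two tables above, as an added example (not Adobe's or
AusCERT's code). The host names and build strings are constructed, and treating
every build below the fixed one as affected is an assumption.

```python
# Added example: triage an inventory against the APSB23-12 version tables.
# Fixed builds per release branch, taken from the bulletin's Solution table.
FIXED = {18: (18, 2), 17: (17, 4, 1)}


def parse(version):
    """Turn 'ID18.1' or '17.4.0.51' into a tuple of ints."""
    text = version.strip()
    if text[:2].upper() == "ID":
        text = text[2:]
    return tuple(int(part) for part in text.split("."))


def status(version):
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    v = parse(version)
    major = v[0]
    if major > max(FIXED):
        return "not listed"   # newer branch than the bulletin covers
    if major < min(FIXED):
        return "affected"     # "ID17.4 and earlier": no fix on older branches
    fixed = FIXED[major]
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    # Assumption: any build below the fixed one counts as affected.
    return "affected" if pad(v) < pad(fixed) else "fixed"


def affected_hosts(inventory):
    """Map of host -> version for hosts that still need the update."""
    return {h: ver for h, ver in inventory.items() if status(ver) == "affected"}


# Constructed sample inventory (hypothetical host names and build strings).
INVENTORY = {
    "design-01": "18.1",
    "design-02": "18.2",
    "design-03": "17.4.0.51",
    "design-04": "17.4.1",
    "design-05": "16.4.3",
}

if __name__ == "__main__":
    for host, ver in sorted(affected_hosts(INVENTORY).items()):
        print(f"{host}: InDesign {ver} needs ID18.2 or ID17.4.1")
```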

Vulnerability Details

Vulnerability Category:  NULL Pointer Dereference (CWE-476)
Vulnerability Impact:    Application denial-of-service
Severity:                Important
CVSS base score:         5.5
CVSS vector:             CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE Number:              CVE-2023-21593


Acknowledgments

Adobe would like to thank the following researcher for reporting this issue and
for working with Adobe to help protect our customers:

  o CHEN QINGYANG (yjdfy) - CVE-2023-21593


Revisions:

  o July 13, 2022: Bulletin APSB22-30 revised to include (CVE-2022-34245,
    CVE-2022-34246, CVE-2022-34247, CVE-2022-34248)
  o July 16, 2022: Changed CVE-2022-28851 to 3rd party open-source library
    vulnerability PhantomJS CVE-2019-17221

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================