diff options
Diffstat (limited to 'metadata/glsa/glsa-200811-01.xml')
| -rw-r--r-- | metadata/glsa/glsa-200811-01.xml | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200811-01.xml b/metadata/glsa/glsa-200811-01.xml new file mode 100644 index 000000000000..4750703983a3 --- /dev/null +++ b/metadata/glsa/glsa-200811-01.xml @@ -0,0 +1,126 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200811-01"> + <title>Opera: Multiple vulnerabilities</title> + <synopsis> + Multiple vulnerabilities have been discovered in Opera, allowing for the + execution of arbitrary code. + </synopsis> + <product type="ebuild">opera</product> + <announced>2008-11-03</announced> + <revised count="01">2008-11-03</revised> + <bug>235298</bug> + <bug>240500</bug> + <bug>243060</bug> + <bug>244980</bug> + <access>remote</access> + <affected> + <package name="www-client/opera" auto="yes" arch="*"> + <unaffected range="ge">9.62</unaffected> + <vulnerable range="lt">9.62</vulnerable> + </package> + </affected> + <background> + <p> + Opera is a fast web browser that is available free of charge. + </p> + </background> + <description> + <p> + Multiple vulnerabilities have been discovered in Opera: + </p> + <ul> + <li>Opera does not restrict the ability of a framed web page to change + the address associated with a different frame (CVE-2008-4195).</li> + <li>Chris Weber (Casaba Security) discovered a Cross-site scripting + vulnerability (CVE-2008-4196).</li> + <li>Michael A. Puls II discovered + that Opera can produce argument strings that contain uninitialized + memory, when processing custom shortcut and menu commands + (CVE-2008-4197).</li> + <li>Lars Kleinschmidt discovered that Opera, when + rendering an HTTP page that has loaded an HTTPS page into a frame, + displays a padlock icon and offers a security information dialog + reporting a secure connection (CVE-2008-4198).</li> + <li>Opera does not + prevent use of links from web pages to feed source files on the local + disk (CVE-2008-4199).</li> + <li>Opera does not ensure that the address + field of a news feed represents the feed's actual URL + (CVE-2008-4200).</li> + <li>Opera does not check the CRL override upon + encountering a certificate that lacks a CRL (CVE-2008-4292).</li> + <li>Chris (Matasano Security) reported that Opera may crash if it is + redirected by a malicious page to a specially crafted address + (CVE-2008-4694).</li> + <li>Nate McFeters reported that Opera runs Java + applets in the context of the local machine, if that applet has been + cached and a page can predict the cache path for that applet and load + it from the cache (CVE-2008-4695).</li> + <li>Roberto Suggi Liverani + (Security-Assessment.com) reported that Opera's History Search results + does not escape certain constructs correctly, allowing for the + injection of scripts into the page (CVE-2008-4696).</li> + <li>David + Bloom reported that Opera's Fast Forward feature incorrectly executes + scripts from a page held in a frame in the outermost page instead of + the page the JavaScript URL was located (CVE-2008-4697).</li> + <li>David + Bloom reported that Opera does not block some scripts when previewing a + news feed (CVE-2008-4698).</li> + <li>Opera does not correctly sanitize + content when certain parameters are passed to Opera's History Search, + allowing scripts to be injected into the History Search results page + (CVE-2008-4794).</li> + <li>Opera's links panel incorrectly causes + scripts from a page held in a frame to be executed in the outermost + page instead of the page where the URL was located + (CVE-2008-4795).</li> + </ul> + </description> + <impact type="normal"> + <p> + These vulnerabilties allow remote attackers to execute arbitrary code, + to run scripts injected into Opera's History Search with elevated + privileges, to inject arbitrary web script or HTML into web pages, to + manipulate the address bar, to change Opera's preferences, to determine + the validity of local filenames, to read cache files, browsing history, + and subscribed feeds or to conduct other attacks. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All Opera users should upgrade to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.62"</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4195">CVE-2008-4195</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4196">CVE-2008-4196</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197">CVE-2008-4197</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4198">CVE-2008-4198</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199">CVE-2008-4199</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4200">CVE-2008-4200</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4292">CVE-2008-4292</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4694">CVE-2008-4694</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4695">CVE-2008-4695</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4696">CVE-2008-4696</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4697">CVE-2008-4697</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4698">CVE-2008-4698</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4794">CVE-2008-4794</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4795">CVE-2008-4795</uri> + </references> + <metadata tag="submitter" timestamp="2008-10-13T21:25:07Z"> + keytoaster + </metadata> + <metadata tag="bugReady" timestamp="2008-11-03T18:39:54Z"> + keytoaster + </metadata> +</glsa> |