GLSA Bodhisattva
Joined: 17 Apr 2002 Posts: 2602 Location: Baltimore, MD
Posted: Mon Feb 14, 2005 8:48 pm Post subject: [ GLSA 200502-17 ] Opera: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Opera: Multiple vulnerabilities (GLSA 200502-17)
Severity: normal
Exploitable: remote
Date: February 14, 2005
Updated: December 30, 2007
Bug(s): #73871, #74076, #74321, #81747
ID: 200502-17
Synopsis
Opera is affected by several vulnerabilities which could result in information disclosure and facilitate execution of arbitrary code.
Background
Opera is a multi-platform web browser.
Affected Packages
Package: www-client/opera
Vulnerable: < 7.54-r3
Unaffected: >= 7.54-r3
Architectures: All supported architectures
Description
Opera contains several vulnerabilities:
- fails to properly validate Content-Type and filename.
- fails to properly validate data: URIs.
- uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE.
- fails to properly control frames.
- uses Sun Java packages insecurely.
- searches an insecure path for plugins.
Impact
An attacker could exploit these vulnerabilities to:
- execute arbitrary code.
- load a malicious frame in the context of another browser session.
- leak information.
Workaround
There is no known workaround at this time.
Resolution
All Opera users should upgrade to the latest version:

```
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-7.54-r3"
```
References
Opera Changelog for 7.54u1
Opera Changelog for 7.54u2
CVE-2004-1157
CVE-2004-1489
CVE-2004-1490
CVE-2004-1491
CVE-2005-0456
CVE-2005-0457
Last edited by GLSA on Mon Dec 31, 2007 4:17 am; edited 3 times in total
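To audit hosts against the affected range above, the following added example (not part of the advisory or of Portage) flags installed `www-client/opera` versions below 7.54-r3 from a list of category/package-version names such as those under `/var/db/pkg`. It assumes a simplified form of Gentoo version ordering (dotted numbers, optional letter, `-rN` revision); the function names and sample list are constructed for illustration.

```python
import re

FIXED = "7.54-r3"  # first unaffected www-client/opera version per the advisory

# Simplified Gentoo version syntax: dotted numbers, optional letter, optional
# -rN. Assumption: _alpha/_beta/_pre/_rc/_p suffixes are rejected, not guessed.
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")

def parse(version):
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version syntax: {version!r}")
    return m.group(1).split("."), m.group(2), int(m.group(3) or 0)

def _cmp(a, b):
    return (a > b) - (a < b)

def _cmp_component(a, b):
    # A component with a leading zero compares as a decimal fraction
    # (trailing zeros stripped, then string order); otherwise as an integer.
    if a.startswith("0") or b.startswith("0"):
        return _cmp(a.rstrip("0"), b.rstrip("0"))
    return _cmp(int(a), int(b))

def vercmp(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (n1, l1, r1), (n2, l2, r2) = parse(v1), parse(v2)
    result = _cmp(int(n1[0]), int(n2[0]))  # first component is always an integer
    for a, b in zip(n1[1:], n2[1:]):
        result = result or _cmp_component(a, b)
    result = result or _cmp(len(n1), len(n2))  # extra components mean newer
    return result or _cmp(l1, l2) or _cmp(r1, r2)

def audit(vdb_entries, atom="www-client/opera"):
    """Map each installed version of atom to True if it is below FIXED."""
    prefix = atom + "-"
    found = [e[len(prefix):] for e in vdb_entries if e.startswith(prefix)]
    return {v: vercmp(v, FIXED) < 0 for v in found if v[:1].isdigit()}

if __name__ == "__main__":
    # Constructed sample of category/package-version names (not real host data).
    sample = ["www-client/opera-7.54-r2", "www-client/opera-7.54-r3",
              "www-client/opera-7.23", "www-client/mozilla-firefox-1.0"]
    for version, vulnerable in audit(sample).items():
        print(version, "VULNERABLE" if vulnerable else "ok")
```

A version string with an unsupported suffix raises `ValueError` instead of being silently classified, so such hosts surface for manual review.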