64 lines
2.2 KiB
XML
64 lines
2.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
|
|
<glsa id="200311-02">
|
|
<title>Opera: buffer overflows in 7.11 and 7.20</title>
|
|
<synopsis>
|
|
Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash,
|
|
and can potentially overwrite arbitrary bytes on the heap leading to a
|
|
system compromise.
|
|
</synopsis>
|
|
<product type="ebuild">Opera</product>
|
|
<announced>2003-11-19</announced>
|
|
<revised>2003-11-19: 01</revised>
|
|
<bug>31775</bug>
|
|
<access>local / remote</access>
|
|
<affected>
|
|
<package name="www-client/opera" auto="yes" arch="*">
|
|
<unaffected range="ge">7.21</unaffected>
|
|
<vulnerable range="eq">7.20</vulnerable>
|
|
<vulnerable range="eq">7.11</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
Opera is a multi-platform web browser.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
The Opera browser can cause a buffer allocated on the heap to overflow under
|
|
certain HREFs when rendering HTML. The mail system is also deemed
|
|
vulnerable and an attacker can send an email containing a malformed HREF, or
|
|
plant the malicious HREF on a web site.
|
|
</p>
|
|
</description>
|
|
<impact type="high">
|
|
<p>
|
|
Certain HREFs can cause a buffer allocated on the heap to overflow when
|
|
rendering HTML which can allow arbitrary bytes on the heap to be overwritten
|
|
which can result in a system compromise.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
Users are encouraged to perform an 'emerge sync' and upgrade the package
|
|
to the latest available version. Opera 7.22 is recommended as Opera 7.21 is
|
|
vulnerable to other security flaws. Specific steps to upgrade:
|
|
</p>
|
|
<code>
|
|
# emerge sync
|
|
# emerge -pv '>=www-client/opera-7.22'
|
|
# emerge '>=www-client/opera-7.22'
|
|
# emerge clean</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0870">CAN-2003-0870</uri>
|
|
<uri link="http://www.atstake.com/research/advisories/2003/a102003-1.txt">@stake Security Advisory</uri>
|
|
</references>
|
|
</glsa>
|