Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· Ruby Updates for Debian 7 LTS
· ASUS ROG Strix Scar Edition Laptop Review and more
· Gunicorn Security Update for Debian 7
· ClamAV, Quagga and 6 more updates for Gentoo
· Dune HD PRO 4K Premium Compact Media Player Review and more
· Gigabyte Aorus X470 Gaming 7 Wifi Review and more
· Libreoffice and Libsdl2-image Updates for Debian 8/9
· Chromium and Cfitsio Updates for openSUSE
· MySQL-5.5 Security Update for Debian 8
· AMD 2nd Gen Ryzen Reviews and more

Upcoming News
· Samsung 860 Pro SSD Review @ Vortez
· Raijintek Orcus 240 @ TechPowerUp
· Team Group Cardea Zero 240 GB @ TechPowerUp
· Guru3D Rig of the Month - January 2018
· Cooler Master MK750 Review @ Vortez
· Seagate Skyhawk 10TB SATA III HDD Review
· Vulkan Continues To Show Its Gaming Strength On Low-End Hardware
· Seagate IronWolf ST12000VN0007 12TB Hard Drive Review @ APH Networks
· Sennheiser Game One @ TechPowerUp
· be quiet! Straight Power 11 1000W Power Supply Review

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 1210 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 2386 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 4276 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 2880 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 4791 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » March 2009 » GLSA 200903-30 Opera: Multiple vulnerabilities

GLSA 200903-30 Opera: Multiple vulnerabilities

Posted by Bob on: 03/17/2009 01:25 AM [ Print | 0 comment(s) ]

A new security update has been released for Gentoo Linux - Opera: Multiple vulnerabilities. Here the announcement:




Gentoo Linux Security Advisory GLSA 200903-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: March 16, 2009
Bugs: #247229, #261032
ID: 200903-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Opera, the worst of which allow
for the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera lt; 9.64 gt;= 9.64

Description
===========

Multiple vulnerabilities were discovered in Opera:

* Vitaly McLain reported a heap-based buffer overflow when processing
host names in file:// URLs (CVE-2008-5178).

* Alexios Fakos reported a vulnerability in the HTML parsing engine
when processing web pages that trigger an invalid pointer calculation
and heap corruption (CVE-2008-5679).

* Red XIII reported that certain text-area contents can be
manipulated to cause a buffer overlow (CVE-2008-5680).

* David Bloom discovered that unspecified "scripted URLs" are not
blocked during the feed preview (CVE-2008-5681).

* Robert Swiecki of the Google Security Team reported a Cross-site
scripting vulnerability (CVE-2008-5682).

* An unspecified vulnerability reveals random data (CVE-2008-5683).

* Tavis Ormandy of the Google Security Team reported a vulnerability
when processing JPEG images that may corrupt memory (CVE pending).

Impact
======

A remote attacker could entice a user to open a specially crafted JPEG
image to cause a Denial of Service or execute arbitrary code, to
process an overly long file:// URL or to open a specially crafted web
page to execute arbitrary code. He could also read existing
subscriptions and force subscriptions to arbitrary feed URLs, as well
as inject arbitrary web script or HTML via built-in XSLT templates.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "gt;=www-client/opera-9.64"

References
==========

[ 1 ] CVE-2008-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5178
[ 2 ] CVE-2008-5679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679
[ 3 ] CVE-2008-5680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5680
[ 4 ] CVE-2008-5681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5681
[ 5 ] CVE-2008-5682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5682
[ 6 ] CVE-2008-5683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5683

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200903-30.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Bookmark and Share

« AIM for Mac 1.5b1 · All Phenom Models »

Linux Compatible » News » March 2009 » GLSA 200903-30 Opera: Multiple vulnerabilities
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition