1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
- --------------------------------------------------------------------------- |
6 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02 |
7 |
- --------------------------------------------------------------------------- |
8 |
|
9 |
GLSA: 200311-02 |
10 |
package: net-www/opera |
11 |
summary: Buffer overflows in Opera 7.11 and 7.20 |
12 |
severity: high |
13 |
Gentoo bug: 31775 |
14 |
date: 2003-11-19 |
15 |
CVE: CAN-2003-0870 |
16 |
exploit: local / remote |
17 |
affected: =7.11 |
18 |
affected: =7.20 |
19 |
fixed: >=7.21 |
20 |
|
21 |
DESCRIPTION: |
22 |
|
23 |
The Opera browser can cause a buffer allocated on the heap to overflow under |
24 |
certain HREFs when rendering HTML. The mail system is also deemed vulnerable |
25 |
and an attacker can send an email containing a malformed HREF, or plant the |
26 |
malicious HREF on a web site. |
27 |
|
28 |
Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for |
29 |
further details. |
30 |
|
31 |
SOLUTION: |
32 |
|
33 |
Users are encouraged to perform an 'emerge --sync' and upgrade the package to |
34 |
the latest available version. Opera 7.22 is recommended as Opera 7.21 is |
35 |
vulnerable to other security flaws. Specific steps to upgrade: |
36 |
|
37 |
emerge --sync |
38 |
emerge '>=net-www/opera-7.22' |
39 |
emerge clean |
40 |
|
41 |
-----BEGIN PGP SIGNATURE----- |
42 |
Version: GnuPG v1.2.3 (Darwin) |
43 |
|
44 |
iD8DBQE/vG7lnt0v0zAqOHYRAiqZAJ0SkxOXShPDgAKDnSpQcJAwp39ysQCbBMwN |
45 |
Tv2P8JB4G1UihepXXX9fW8U= |
46 |
=YHh4 |
47 |
-----END PGP SIGNATURE----- |