[gentoo-announce] [ GLSA 200803-09 ] Opera: Multiple vulnerabilities - gentoo-announce

From:	Pierre-Yves Rofes <py@g.o>
To:	gentoo-announce@l.g.o
Cc:	full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200803-09 ] Opera: Multiple vulnerabilities
Date:	Tue, 04 Mar 2008 22:29:19
Message-Id:	`47CDD528.1090907@gentoo.org`

1

-----BEGIN PGP SIGNED MESSAGE-----

2

Hash: SHA1

3

4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5

Gentoo Linux Security Advisory                           GLSA 200803-09

6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

7

                                            http://security.gentoo.org/

8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

9

10

  Severity: Normal

11

     Title: Opera: Multiple vulnerabilities

12

      Date: March 04, 2008

13

      Bugs: #210260

14

        ID: 200803-09

15

16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

17

18

Synopsis

19

========

20

21

Multiple vulnerabilities have been discovered in Opera, allowing for

22

file disclosure, privilege escalation and Cross-Site scripting.

23

24

Background

25

==========

26

27

Opera is a fast web browser that is available free of charge.

28

29

Affected packages

30

=================

31

32

    -------------------------------------------------------------------

33

     Package           /  Vulnerable  /                     Unaffected

34

    -------------------------------------------------------------------

35

  1  www-client/opera       < 9.26                             >= 9.26

36

37

Description

38

===========

39

40

Mozilla discovered that Opera does not handle input to file form fields

41

properly, allowing scripts to manipulate the file path (CVE-2008-1080).

42

Max Leonov found out that image comments might be treated as scripts,

43

and run within the wrong security context (CVE-2008-1081). Arnaud

44

reported that a wrong representation of DOM attribute values of

45

imported XML documents allows them to bypass sanitization filters

46

(CVE-2008-1082).

47

48

Impact

49

======

50

51

A remote attacker could entice a user to upload a file with a known

52

path by entering text into a specially crafted form, to execute scripts

53

outside intended security boundaries and conduct Cross-Site Scripting

54

attacks.

55

56

Workaround

57

==========

58

59

There is no known workaround at this time.

60

61

Resolution

62

==========

63

64

All Opera users should upgrade to the latest version:

65

66

    # emerge --sync

67

    # emerge --ask --oneshot --verbose ">=www-client/opera-9.26"

68

69

References

70

==========

71

72

  [ 1 ] CVE-2008-1080

73

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080

74

  [ 2 ] CVE-2008-1081

75

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081

76

  [ 3 ] CVE-2008-1082

77

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082

78

79

Availability

80

============

81

82

This GLSA and any updates to it are available for viewing at

83

the Gentoo Security Website:

84

85

  http://security.gentoo.org/glsa/glsa-200803-09.xml

86

87

Concerns?

88

=========

89

90

Security is a primary focus of Gentoo Linux and ensuring the

91

confidentiality and security of our users machines is of utmost

92

importance to us. Any security concerns should be addressed to

93

security@g.o or alternatively, you may file a bug at

94

http://bugs.gentoo.org.

95

96

License

97

=======

98

99

Copyright 2008 Gentoo Foundation, Inc; referenced text

100

belongs to its owner(s).

101

102

The contents of this document are licensed under the

103

Creative Commons - Attribution / Share Alike license.

104

105

http://creativecommons.org/licenses/by-sa/2.5

106

-----BEGIN PGP SIGNATURE-----

107

Version: GnuPG v2.0.7 (GNU/Linux)

108

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

109

110

iD8DBQFHzdUouhJ+ozIKI5gRAqoGAJ47fARNyjNN6tMh5+16Hm2KBadmUQCeL+CN

111

2+oHbJ2FRiLnzJ5Ein7ta7E=

112

=Lfy+

113

-----END PGP SIGNATURE-----

114

--

115

gentoo-announce@l.g.o mailing list

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5	Gentoo Linux Security Advisory GLSA 200803-09
6	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7	http://security.gentoo.org/
8	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10	Severity: Normal
11	Title: Opera: Multiple vulnerabilities
12	Date: March 04, 2008
13	Bugs: #210260
14	ID: 200803-09
15
16	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18	Synopsis
19	========
20
21	Multiple vulnerabilities have been discovered in Opera, allowing for
22	file disclosure, privilege escalation and Cross-Site scripting.
23
24	Background
25	==========
26
27	Opera is a fast web browser that is available free of charge.
28
29	Affected packages
30	=================
31
32	-------------------------------------------------------------------
33	Package / Vulnerable / Unaffected
34	-------------------------------------------------------------------
35	1 www-client/opera < 9.26 >= 9.26
36
37	Description
38	===========
39
40	Mozilla discovered that Opera does not handle input to file form fields
41	properly, allowing scripts to manipulate the file path (CVE-2008-1080).
42	Max Leonov found out that image comments might be treated as scripts,
43	and run within the wrong security context (CVE-2008-1081). Arnaud
44	reported that a wrong representation of DOM attribute values of
45	imported XML documents allows them to bypass sanitization filters
46	(CVE-2008-1082).
47
48	Impact
49	======
50
51	A remote attacker could entice a user to upload a file with a known
52	path by entering text into a specially crafted form, to execute scripts
53	outside intended security boundaries and conduct Cross-Site Scripting
54	attacks.
55
56	Workaround
57	==========
58
59	There is no known workaround at this time.
60
61	Resolution
62	==========
63
64	All Opera users should upgrade to the latest version:
65
66	# emerge --sync
67	# emerge --ask --oneshot --verbose ">=www-client/opera-9.26"
68
69	References
70	==========
71
72	[ 1 ] CVE-2008-1080
73	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1080
74	[ 2 ] CVE-2008-1081
75	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1081
76	[ 3 ] CVE-2008-1082
77	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1082
78
79	Availability
80	============
81
82	This GLSA and any updates to it are available for viewing at
83	the Gentoo Security Website:
84
85	http://security.gentoo.org/glsa/glsa-200803-09.xml
86
87	Concerns?
88	=========
89
90	Security is a primary focus of Gentoo Linux and ensuring the
91	confidentiality and security of our users machines is of utmost
92	importance to us. Any security concerns should be addressed to
93	security@g.o or alternatively, you may file a bug at
94	http://bugs.gentoo.org.
95
96	License
97	=======
98
99	Copyright 2008 Gentoo Foundation, Inc; referenced text
100	belongs to its owner(s).
101
102	The contents of this document are licensed under the
103	Creative Commons - Attribution / Share Alike license.
104
105	http://creativecommons.org/licenses/by-sa/2.5
106	-----BEGIN PGP SIGNATURE-----
107	Version: GnuPG v2.0.7 (GNU/Linux)
108	Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
109
110	iD8DBQFHzdUouhJ+ozIKI5gRAqoGAJ47fARNyjNN6tMh5+16Hm2KBadmUQCeL+CN
111	2+oHbJ2FRiLnzJ5Ein7ta7E=
112	=Lfy+
113	-----END PGP SIGNATURE-----
114	--
115	gentoo-announce@l.g.o mailing list

Gentoo Archives: gentoo-announce