Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-announce
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-announce@g.o
From: Sean Amoss <ackle@g.o>
Subject: [ GLSA 201206-03 ] Opera: Multiple vulnerabilities
Date: Fri, 15 Jun 2012 13:38:41 -0400
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Opera: Multiple vulnerabilities
     Date: June 15, 2012
     Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
           #308069, #324189, #325199, #326413, #332449, #348874,
           #352750, #367837, #373289, #381275, #386217, #387137,
           #393395, #409857, #415379, #421075
       ID: 201206-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.

Background
==========

Opera is a fast web browser that is available free of charge.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/opera           < 12.00.1467            >= 12.00.1467

Description
===========

Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.

A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.

A physically proximate attacker may be able to access an email account.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Opera users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"

References
==========

[   1 ] CVE-2009-1234
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[   2 ] CVE-2009-2059
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[   3 ] CVE-2009-2063
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[   4 ] CVE-2009-2067
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[   5 ] CVE-2009-2070
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[   6 ] CVE-2009-3013
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[   7 ] CVE-2009-3044
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[   8 ] CVE-2009-3045
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[   9 ] CVE-2009-3046
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[  10 ] CVE-2009-3047
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[  11 ] CVE-2009-3048
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[  12 ] CVE-2009-3049
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[  13 ] CVE-2009-3831
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[  14 ] CVE-2009-4071
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[  15 ] CVE-2009-4072
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[  16 ] CVE-2010-0653
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[  17 ] CVE-2010-1349
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[  18 ] CVE-2010-1989
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[  19 ] CVE-2010-1993
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[  20 ] CVE-2010-2121
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[  21 ] CVE-2010-2421
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[  22 ] CVE-2010-2455
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[  23 ] CVE-2010-2576
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[  24 ] CVE-2010-2658
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[  25 ] CVE-2010-2659
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[  26 ] CVE-2010-2660
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[  27 ] CVE-2010-2661
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[  28 ] CVE-2010-2662
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[  29 ] CVE-2010-2663
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[  30 ] CVE-2010-2664
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[  31 ] CVE-2010-2665
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[  32 ] CVE-2010-3019
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[  33 ] CVE-2010-3020
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[  34 ] CVE-2010-3021
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[  35 ] CVE-2010-4579
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[  36 ] CVE-2010-4580
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[  37 ] CVE-2010-4581
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[  38 ] CVE-2010-4582
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[  39 ] CVE-2010-4583
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[  40 ] CVE-2010-4584
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[  41 ] CVE-2010-4585
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[  42 ] CVE-2010-4586
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[  43 ] CVE-2011-0681
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[  44 ] CVE-2011-0682
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[  45 ] CVE-2011-0683
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[  46 ] CVE-2011-0684
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[  47 ] CVE-2011-0685
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[  48 ] CVE-2011-0686
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[  49 ] CVE-2011-0687
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[  50 ] CVE-2011-1337
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[  51 ] CVE-2011-1824
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[  52 ] CVE-2011-2609
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[  53 ] CVE-2011-2610
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[  54 ] CVE-2011-2611
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[  55 ] CVE-2011-2612
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[  56 ] CVE-2011-2613
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[  57 ] CVE-2011-2614
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[  58 ] CVE-2011-2615
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[  59 ] CVE-2011-2616
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[  60 ] CVE-2011-2617
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[  61 ] CVE-2011-2618
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[  62 ] CVE-2011-2619
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[  63 ] CVE-2011-2620
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[  64 ] CVE-2011-2621
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[  65 ] CVE-2011-2622
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[  66 ] CVE-2011-2623
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[  67 ] CVE-2011-2624
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[  68 ] CVE-2011-2625
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[  69 ] CVE-2011-2626
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[  70 ] CVE-2011-2627
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[  71 ] CVE-2011-2628
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[  72 ] CVE-2011-2629
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[  73 ] CVE-2011-2630
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[  74 ] CVE-2011-2631
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[  75 ] CVE-2011-2632
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[  76 ] CVE-2011-2633
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[  77 ] CVE-2011-2634
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[  78 ] CVE-2011-2635
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[  79 ] CVE-2011-2636
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[  80 ] CVE-2011-2637
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[  81 ] CVE-2011-2638
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[  82 ] CVE-2011-2639
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[  83 ] CVE-2011-2640
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[  84 ] CVE-2011-2641
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[  85 ] CVE-2011-3388
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[  86 ] CVE-2011-4065
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[  87 ] CVE-2011-4681
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[  88 ] CVE-2011-4682
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[  89 ] CVE-2011-4683
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[  90 ] CVE-2012-1924
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[  91 ] CVE-2012-1925
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[  92 ] CVE-2012-1926
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[  93 ] CVE-2012-1927
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[  94 ] CVE-2012-1928
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[  95 ] CVE-2012-1930
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[  96 ] CVE-2012-1931
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[  97 ] CVE-2012-3555
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[  98 ] CVE-2012-3556
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[  99 ] CVE-2012-3557
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201206-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachment:
signature.asc (OpenPGP digital signature)
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[ GLSA 201206-02 ] QtGui: User-assisted execution of arbitrary code
Next by thread:
[ GLSA 201206-04 ] ArgyllCMS: User-assisted execution of arbitrary code
Previous by date:
[ GLSA 201206-02 ] QtGui: User-assisted execution of arbitrary code
Next by date:
[ GLSA 201206-04 ] ArgyllCMS: User-assisted execution of arbitrary code


Updated Jun 25, 2012

Summary: Archive of the gentoo-announce mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.