Gentoo Archives: gentoo-announce

From: Rajiv Aaron Manglani <rajiv@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: opera (200311-02)
Date: Thu, 20 Nov 2003 07:43:32
Message-Id: a05210607bbe21f7da846@[10.96.0.12]
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4
5 - ---------------------------------------------------------------------------
6 GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
7 - ---------------------------------------------------------------------------
8
9 GLSA: 200311-02
10 package: net-www/opera
11 summary: Buffer overflows in Opera 7.11 and 7.20
12 severity: high
13 Gentoo bug: 31775
14 date: 2003-11-19
15 CVE: CAN-2003-0870
16 exploit: local / remote
17 affected: =7.11
18 affected: =7.20
19 fixed: >=7.21
20
21 DESCRIPTION:
22
23 The Opera browser can cause a buffer allocated on the heap to overflow under
24 certain HREFs when rendering HTML. The mail system is also deemed vulnerable
25 and an attacker can send an email containing a malformed HREF, or plant the
26 malicious HREF on a web site.
27
28 Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for
29 further details.
30
31 SOLUTION:
32
33 Users are encouraged to perform an 'emerge --sync' and upgrade the package to
34 the latest available version. Opera 7.22 is recommended as Opera 7.21 is
35 vulnerable to other security flaws. Specific steps to upgrade:
36
37 emerge --sync
38 emerge '>=net-www/opera-7.22'
39 emerge clean
40
41 -----BEGIN PGP SIGNATURE-----
42 Version: GnuPG v1.2.3 (Darwin)
43
44 iD8DBQE/vG7lnt0v0zAqOHYRAiqZAJ0SkxOXShPDgAKDnSpQcJAwp39ysQCbBMwN
45 Tv2P8JB4G1UihepXXX9fW8U=
46 =YHh4
47 -----END PGP SIGNATURE-----