Posted: Mon Feb 14, 2005 8:48 pm
Post subject: [ GLSA 200502-17 ] Opera: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Opera: Multiple vulnerabilities (GLSA 200502-17)
Date: February 14, 2005
Updated: December 30, 2007
Bug(s): #73871, #74076, #74321, #81747
Opera contains several vulnerabilities which could result in information disclosure and facilitate execution of arbitrary code.
Opera is a multi-platform web browser.
Vulnerable: < 7.54-r3
Unaffected: >= 7.54-r3
Architectures: All supported architectures
Opera contains several vulnerabilities:
- fails to properly validate Content-Type and filename.
- fails to properly validate data: URIs.
- uses kfmclient exec as the Default Application to handle downloaded files when integrated with KDE.
- fails to properly control frames.
- uses Sun Java packages insecurely.
- searches an insecure path for plugins.
An attacker could exploit these vulnerabilities to:
- execute arbitrary code.
- load a malicious frame in the context of another browser session.
- leak information.
There is no known workaround at this time.
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-7.54-r3"
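To confirm which hosts still need the upgrade, the following added example (not part of the original advisory) lists installed www-client/opera versions below 7.54-r3 by reading the Portage installed-package database. The function names are hypothetical, and the comparison assumes plain dotted versions with an optional -rN revision, compared as integers.

```shell
#!/bin/sh
# Added example, not from the advisory: report installed Opera versions
# that fall in the vulnerable range (< 7.54-r3).
# Assumption: versions are dotted integers with an optional -rN revision;
# suffixes such as _beta or _p are skipped rather than compared.

FIXED="7.54-r3"

# ver_lt A B: succeed if version A sorts before version B.
ver_lt() {
    a_ver=${1%-r[0-9]*}; b_ver=${2%-r[0-9]*}
    a_rev=0; b_rev=0
    if [ "$a_ver" != "$1" ]; then a_rev=${1##*-r}; fi
    if [ "$b_ver" != "$2" ]; then b_rev=${2##*-r}; fi
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        a_c=${a_ver%%.*}; b_c=${b_ver%%.*}
        # Drop the component just read; a missing component counts as -1.
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
        if [ "${a_c:--1}" -lt "${b_c:--1}" ]; then return 0; fi
        if [ "${a_c:--1}" -gt "${b_c:--1}" ]; then return 1; fi
    done
    # Same upstream version: the Gentoo revision decides.
    [ "$a_rev" -lt "$b_rev" ]
}

# vulnerable_opera VDB_ROOT: print each installed Opera version below FIXED.
# VDB_ROOT is normally /var/db/pkg.
vulnerable_opera() {
    for d in "$1"/www-client/opera-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/opera-}
        case ${v%-r[0-9]*} in
            *[!0-9.]*) echo "skipping unparsed version: $v" >&2; continue ;;
        esac
        if ver_lt "$v" "$FIXED"; then echo "$v"; fi
    done
}

# Typical use on a Gentoo host:
#   vulnerable_opera /var/db/pkg
```

Any version printed is covered by the advisory and should be upgraded with the emerge commands above.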
Opera Changelog for 7.54u1
Opera Changelog for 7.54u2
Last edited by GLSA on Mon Dec 31, 2007 4:17 am; edited 3 times in total