Joined: 12 May 2004
|Posted: Thu Sep 28, 2006 3:26 pm Post subject: [ GLSA 200609-18 ] Opera: RSA signature forgery
|Gentoo Linux Security Advisory
Title: Opera: RSA signature forgery (GLSA 200609-18)
Date: September 28, 2006
Opera fails to correctly verify certain signatures.
Opera is a multi-platform web browser.
Vulnerable: < 9.02
Unaffected: >= 9.02
Architectures: All supported architectures
Opera makes use of OpenSSL, which fails to correctly verify PKCS #1
v1.5 RSA signatures signed by a key with exponent 3. Some CAs in
Opera's list of trusted signers are using root certificates with
An attacker could forge certificates which will appear valid and signed
by a trusted CA.
There is no known workaround at this time.
All Opera users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.02"
Last edited by GLSA on Mon Jun 10, 2013 4:23 am; edited 2 times in total