Joined: 12 May 2004
|Posted: Fri Jan 12, 2007 10:26 pm Post subject: [ GLSA 200701-08 ] Opera: Two remote code execution vulnerab
|Gentoo Linux Security Advisory
Title: Opera: Two remote code execution vulnerabilities (GLSA 200701-08)
Date: January 12, 2007
Two vulnerabilities may allow the execution of arbitrary code.
Opera is a multi-platform web browser.
Vulnerable: < 9.10
Unaffected: >= 9.10
Architectures: All supported architectures
Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that Opera does not correctly handle objects passed to the "createSVGTransformFromMatrix()" function.
All Opera users should update to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.10"
Opera Advisory (createSVGTransformFromMatrix)
Opera Advisory (JPEG)