Home / mailings [gentoo-announce] [ GLSA 201206-03 ] Opera: Multiple vulnerabilities
Posted on 15 June 2012
Gentoo-announceThis is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1A668CDE2336719D46A4AFB2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: June 15, 2012
Bugs: #264831, #283391, #290862, #293902, #294208, #294680,
#308069, #324189, #325199, #326413, #332449, #348874,
#352750, #367837, #373289, #381275, #386217, #387137,
#393395, #409857, #415379, #421075
ID: 201206-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
allow for the execution of arbitrary code.
Background
==========
Opera is a fast web browser that is available free of charge.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera < 12.00.1467 >= 12.00.1467
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition. A remote
attacker may be able to: trick users into downloading and executing
arbitrary files, bypass intended access restrictions, spoof trusted
content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
information, force subscriptions to arbitrary feeds, bypass the popup
blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
have other unknown impact.
A local attacker could perform symlink attacks to overwrite arbitrary
files with the privileges of the user running the application or
possibly obtain sensitive information.
A physically proximate attacker may be able to access an email account.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467"
References
==========
[ 1 ] CVE-2009-1234
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234
[ 2 ] CVE-2009-2059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059
[ 3 ] CVE-2009-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063
[ 4 ] CVE-2009-2067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067
[ 5 ] CVE-2009-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070
[ 6 ] CVE-2009-3013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013
[ 7 ] CVE-2009-3044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044
[ 8 ] CVE-2009-3045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045
[ 9 ] CVE-2009-3046
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046
[ 10 ] CVE-2009-3047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047
[ 11 ] CVE-2009-3048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048
[ 12 ] CVE-2009-3049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049
[ 13 ] CVE-2009-3831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831
[ 14 ] CVE-2009-4071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071
[ 15 ] CVE-2009-4072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072
[ 16 ] CVE-2010-0653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653
[ 17 ] CVE-2010-1349
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349
[ 18 ] CVE-2010-1989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989
[ 19 ] CVE-2010-1993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993
[ 20 ] CVE-2010-2121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121
[ 21 ] CVE-2010-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421
[ 22 ] CVE-2010-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455
[ 23 ] CVE-2010-2576
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576
[ 24 ] CVE-2010-2658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658
[ 25 ] CVE-2010-2659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659
[ 26 ] CVE-2010-2660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660
[ 27 ] CVE-2010-2661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661
[ 28 ] CVE-2010-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662
[ 29 ] CVE-2010-2663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663
[ 30 ] CVE-2010-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664
[ 31 ] CVE-2010-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665
[ 32 ] CVE-2010-3019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019
[ 33 ] CVE-2010-3020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020
[ 34 ] CVE-2010-3021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021
[ 35 ] CVE-2010-4579
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579
[ 36 ] CVE-2010-4580
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580
[ 37 ] CVE-2010-4581
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581
[ 38 ] CVE-2010-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582
[ 39 ] CVE-2010-4583
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583
[ 40 ] CVE-2010-4584
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584
[ 41 ] CVE-2010-4585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585
[ 42 ] CVE-2010-4586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586
[ 43 ] CVE-2011-0681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681
[ 44 ] CVE-2011-0682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682
[ 45 ] CVE-2011-0683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683
[ 46 ] CVE-2011-0684
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684
[ 47 ] CVE-2011-0685
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685
[ 48 ] CVE-2011-0686
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686
[ 49 ] CVE-2011-0687
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687
[ 50 ] CVE-2011-1337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337
[ 51 ] CVE-2011-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824
[ 52 ] CVE-2011-2609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609
[ 53 ] CVE-2011-2610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610
[ 54 ] CVE-2011-2611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611
[ 55 ] CVE-2011-2612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612
[ 56 ] CVE-2011-2613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613
[ 57 ] CVE-2011-2614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614
[ 58 ] CVE-2011-2615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615
[ 59 ] CVE-2011-2616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616
[ 60 ] CVE-2011-2617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617
[ 61 ] CVE-2011-2618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618
[ 62 ] CVE-2011-2619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619
[ 63 ] CVE-2011-2620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620
[ 64 ] CVE-2011-2621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621
[ 65 ] CVE-2011-2622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622
[ 66 ] CVE-2011-2623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623
[ 67 ] CVE-2011-2624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624
[ 68 ] CVE-2011-2625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625
[ 69 ] CVE-2011-2626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626
[ 70 ] CVE-2011-2627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627
[ 71 ] CVE-2011-2628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628
[ 72 ] CVE-2011-2629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629
[ 73 ] CVE-2011-2630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630
[ 74 ] CVE-2011-2631
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631
[ 75 ] CVE-2011-2632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632
[ 76 ] CVE-2011-2633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633
[ 77 ] CVE-2011-2634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634
[ 78 ] CVE-2011-2635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635
[ 79 ] CVE-2011-2636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636
[ 80 ] CVE-2011-2637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637
[ 81 ] CVE-2011-2638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638
[ 82 ] CVE-2011-2639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639
[ 83 ] CVE-2011-2640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640
[ 84 ] CVE-2011-2641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641
[ 85 ] CVE-2011-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388
[ 86 ] CVE-2011-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065
[ 87 ] CVE-2011-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681
[ 88 ] CVE-2011-4682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682
[ 89 ] CVE-2011-4683
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683
[ 90 ] CVE-2012-1924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924
[ 91 ] CVE-2012-1925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925
[ 92 ] CVE-2012-1926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926
[ 93 ] CVE-2012-1927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927
[ 94 ] CVE-2012-1928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928
[ 95 ] CVE-2012-1930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930
[ 96 ] CVE-2012-1931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931
[ 97 ] CVE-2012-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555
[ 98 ] CVE-2012-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556
[ 99 ] CVE-2012-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557
[ 100 ] CVE-2012-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558
[ 101 ] CVE-2012-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560
[ 102 ] CVE-2012-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------enig1A668CDE2336719D46A4AFB2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"