Gentoo Foundation, GLSA-200311-02
Nov 19, 2003 - 12:00 a.m.

Opera: buffer overflows in 7.11 and 7.20

security.gentoo.org

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.048 Low
Percentile: 92.7%

Background

Opera is a multi-platform web browser.

Description

When rendering HTML, the Opera browser can overflow a buffer allocated on the heap while processing certain HREFs. The mail system is also deemed vulnerable: an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site.

Impact

Certain HREFs can cause a buffer allocated on the heap to overflow when rendering HTML. This can allow arbitrary bytes on the heap to be overwritten, which can result in a system compromise.

Workaround

There is no known workaround at this time.

Resolution

Users are encouraged to perform an ‘emerge sync’ and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade:

 # emerge sync
 # emerge -pv '>=www-client/opera-7.22'
 # emerge '>=www-client/opera-7.22'
 # emerge clean

OS      Version  Architecture  Package           Version  Filename
Gentoo  any      all           www-client/opera  = 7.20   UNKNOWN
