Lucene search

K
gentooGentoo FoundationGLSA-200804-14
HistoryApr 14, 2008 - 12:00 a.m.

Opera: Multiple vulnerabilities

2008-04-1400:00:00
Gentoo Foundation
security.gentoo.org
9

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.092 Low

EPSS

Percentile

94.5%

Background

Opera is a fast web browser that is available free of charge.

Description

Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764).

Impact

A remote attacker could entice a user to visit a specially crafted web site or news feed and possibly execute arbitrary code with the privileges of the user running Opera.

Workaround

There is no known workaround at this time.

Resolution

All Opera users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/opera-9.27"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/opera< 9.27UNKNOWN

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.092 Low

EPSS

Percentile

94.5%

Related for GLSA-200804-14