Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 446096 - <www-client/opera-12.12_p1707 - multiple vulnerabilities (CVE-2012-{6470,6471,6472})
Summary: <www-client/opera-12.12_p1707 - multiple vulnerabilities (CVE-2012-{6470,6471...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.opera.com/docs/changelogs/...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-05 13:34 UTC by Agostino Sarubbo
Modified: 2014-06-19 11:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-12-05 13:34:02 UTC 
From $URL :

Description
Kaveh Ghaemmaghami has discovered a vulnerability in Opera, which can be exploited by malicious 
people to potentially compromise a user's system.

The vulnerability is caused due to an error when decoding image data and can be exploited to cause 
a heap-based buffer underflow via a specially crafted GIF image.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 12.11 Build 1661. Other versions may also be affected.


Solution
No official solution is currently available.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-12-18 16:05:26 UTC 
 - Security -
* Fixed an issue where malformed GIF images could allow execution of arbitrary
  code; see our advisory[1]
* Fixed an issue where repeated attempts to access a target site could trigger
  address field spoofing, as reported by Masato Kinugawa; see our advisory[2]
* UNIX-only
   Fixed an issue where private data could be disclosed to other computer users,
   or be modified by them, as reported by Jann Horn; see our advisory[3]


[1] http://www.opera.com/support/kb/view/1038/
[2] http://www.opera.com/support/kb/view/1040/
[3] http://www.opera.com/support/kb/view/1039/

 - - - - - - - - - - - 

Arch teams, please test and mark stable:
=www-client/opera-12.12_p1707
Stable KEYWORDS : amd64 x86
Comment 2 Andreas Schürch gentoo-dev 2012-12-19 06:32:49 UTC 
x86 done.
Comment 3 Agostino Sarubbo gentoo-dev 2012-12-19 14:29:56 UTC 
amd64 stable
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-21 15:07:00 UTC 
Added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-01-02 19:11:48 UTC 
CVE-2012-6472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6472):
  Opera before 12.12 on UNIX uses weak permissions for the profile directory,
  which allows local users to obtain sensitive information by reading a (1)
  cache file, (2) password file, or (3) configuration file, or (4) possibly
  gain privileges by modifying or overwriting a configuration file.

CVE-2012-6471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6471):
  Opera before 12.12 allows remote attackers to spoof the address field via a
  high rate of HTTP requests.

CVE-2012-6470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6470):
  Opera before 12.12 does not properly allocate memory for GIF images, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (memory overwrite) via a malformed image.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-06-15 00:48:08 UTC 
This issue was resolved and addressed in
 GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml
by GLSA coordinator Chris Reffett (creffett).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-06-19 11:49:51 UTC 
This issue was resolved and addressed in
 GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml
by GLSA coordinator Chris Reffett (creffett).