Summary: | <www-client/opera-12.13_p1734 - multiple vulnerabilities (CVE-2013-{1618,1637,1638,1639}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.opera.com/docs/changelogs/unified/1213/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2013-01-30 14:33:01 UTC
# Jeroen Roovers <jer@gentoo.org> (27 Mar 2012) # Opera Next and Opera snapshots are unsupported and eternally unstable. # <http://my.opera.com/desktopteam/blog> www-client/opera-next =www-client/opera-12.13* Please remove the entry first. (In reply to comment #1) > Please remove the entry first. Thanks. Done. amd64 stable x86 stable Adding to existing GLSA draft. CVE-2013-1639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1639): Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. CVE-2013-1638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1638): Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. CVE-2013-1637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1637): Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. CVE-2013-1618 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1618): The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. This issue was resolved and addressed in GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml by GLSA coordinator Chris Reffett (creffett). This issue was resolved and addressed in GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml by GLSA coordinator Chris Reffett (creffett). |