Summary: | <www-client/opera-12.15_p1748 - multiple vulnerabilities (CVE-2013-{3210,3211}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jer |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/52859/ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-04-04 19:08:48 UTC
* Fixed a moderately severe issue, as reported by Attila Suszter; details will be disclosed at a later date. * Added safeguards against attacks on the RC4 encryption protocol; see our advisory[1]. * Fixed an issue where cookies could be set for a top-level domain; see our advisory[2]. [1] http://www.opera.com/security/advisory/1046 [2] http://www.opera.com/security/advisory/1047 Arch teams, please test and mark stable: =www-client/opera-12.15_p1748 Stable KEYWORDS : amd64 x86 amd64 stable x86 stable GLSA vote: no. CVE-2013-3211 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3211): Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." CVE-2013-3210 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3210): Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. GLSA vote: no Closing as noglsa |