Gentoo Bug 160369 - www-client/opera: (versions < 9.10) createSVGTransformFromMatrix() and JPEG vulnerabilities

First Last Prev Next No search results available Search page Enter new bug

Bug#:	160369
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Executioner <keith@email.arizona.edu>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 160369 depends on:			Show dependency tree
Bug 160369 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-01-06 07:24 0000

Description:
Two vulnerabilities have been reported in Opera, which can be exploited by
malicious people to compromise a user's system.

1) An unspecified error when processing JPEG files can be exploited to cause a
heap-based buffer overflow via a JPEG file with a specially crafted DHT marker.

2) An error within createSVGTransformFromMatrix() can be exploited by passing
an incorrect object to the said function.


Reproducible: Didn't try




http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852

------- Comment #1 From Tavis Ormandy (RETIRED) 2007-01-06 09:56:14 0000 -------

arch teams, please test and mark stable opera-9.10

------- Comment #2 From Gustavo Zacarias (RETIRED) 2007-01-06 11:47:27 0000 -------

sparc stable.

------- Comment #3 From Christian Faulhammer 2007-01-06 15:39:21 0000 -------

x86 stable

------- Comment #4 From Tobias Scherbaum 2007-01-07 18:12:29 0000 -------

ppc stable

------- Comment #5 From Executioner 2007-01-09 03:46:55 0000 -------

How about amd64?

------- Comment #6 From Michael Cummings (RETIRED) 2007-01-09 12:23:52 0000 -------

taking up the caboose, amd64 pulls out of the station :)

------- Comment #7 From Executioner 2007-01-09 16:12:10 0000 -------

okay, cool, are we ready close this then?

------- Comment #8 From Stefan Cornelius (RETIRED) 2007-01-09 18:17:25 0000 -------

nope, a GLSA has to be drafted, reviewed and issued. Then this will be closed.

------- Comment #9 From Raphael Marichez 2007-01-12 22:06:58 0000 -------

GLSA 200701-08

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 160369

www-client/opera: (versions < 9.10) createSVGTransformFromMatrix() and JPEG vulnerabilities

Last modified: 2007-01-12 22:06:58 0000