Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 240500 - www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)
Summary: www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.opera.com/docs/changelogs/...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-10-08 12:41 UTC by Jeroen Roovers (RETIRED)
Modified: 2008-11-03 19:01 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2008-10-08 12:41:28 UTC 
* Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory[1]
* Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory[2]

[1] http://www.opera.com/support/search/view/901/
[2] http://www.opera.com/support/search/view/902/

www-client/opera-9.60 fixes these and an ebuild is in the tree.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:51:52 UTC 
Arches, please test and mark stable:
=www-client/opera-9.60
Target keywords : "amd64 ppc sparc x86"
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:52:56 UTC 
no sparc, as usual.
Comment 3 Markus Meier gentoo-dev 2008-10-09 20:13:37 UTC 
amd64/x86 stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-10-11 17:59:54 UTC 
ppc stable
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2008-10-13 18:57:32 UTC 
GLSA together with bug 235298.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-10-22 18:03:42 UTC 
 CVE-2008-4694 code execution using redirects to crafted addresses
 CVE-2008-4695  Java applets cache file read
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-03 19:01:41 UTC 
GLSA 200811-01, thanks everyone and sorry about the delay.