Bug 290862 (CVE-2009-3831) - <www-client/opera-10.01 Multiple vulnerabilities (CVE-2009-3831)
Summary: <www-client/opera-10.01 Multiple vulnerabilities (CVE-2009-3831)
Status: RESOLVED FIXED
Alias: CVE-2009-3831
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: 287905
Reported: 2009-10-28 11:29 UTC by Jeroen Roovers (RETIRED)
Modified: 2012-06-15 17:40 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Jeroen Roovers (RETIRED) gentoo-dev 2009-10-28 11:29:04 UTC
* Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash. Successful exploitation can lead to execution of arbitrary code. http://www.opera.com/support/search/view/938/

* Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds. http://www.opera.com/support/search/view/939/
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2009-10-28 11:54:18 UTC
amd64, ppc and x86 arch developers, please test and stabilise
=www-client/opera-10.01
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2009-10-28 20:08:19 UTC
x86 stable
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-31 19:30:19 UTC
CVE-2009-3831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831):
  Opera before 10.01 allows remote attackers to execute arbitrary code
  or cause a denial of service (memory corruption and application
  crash) via a crafted domain name.

Comment 4 nixnut (RETIRED) gentoo-dev 2009-11-01 15:52:45 UTC
ppc stable
Comment 5 Markus Meier gentoo-dev 2009-11-04 11:14:52 UTC
amd64 stable, all arches done.
Comment 6 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-04 22:58:48 UTC
GLSA together with bug 283391 and bug 264831.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:40:09 UTC
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).