Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 293902 (CVE-2009-0689) - <www-client/opera-10.10: Floating Point Number Handling Memory Corruption Vulnerability (CVE-2009-0689)
Summary: <www-client/opera-10.10: Floating Point Number Handling Memory Corruption Vul...
Status: RESOLVED FIXED
Alias: CVE-2009-0689
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-20 22:06 UTC by Laszlo Valko
Modified: 2012-06-15 17:40 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Laszlo Valko 2009-11-20 22:06:32 UTC
A vulnerability has been identified in Opera, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a memory corruption error when processing floating point numbers, which could allow remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a specially crafted web page.

Reproducible: Always




References:

http://securityreason.com/achievement_securityalert/73
http://www.vupen.com/english/advisories/2009/3297
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-11-27 00:09:40 UTC
Vulnerable versions are no longer in the tree. Added to existing GLSA request for bug 283391.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-24 11:46:43 UTC
Please do not close security bugs. The Security Team will take care of it after the GLSA is released.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:40:15 UTC
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).