429478 – <www-client/opera-12.01.1532 - multiple vulnerabilities (CVE-2012-{4142,4143,4144,4145,4146})

Bug 429478 - <www-client/opera-12.01.1532 - multiple vulnerabilities (CVE-2012-{4142,4143,4144,4145,4146})

Summary: <www-client/opera-12.01.1532 - multiple vulnerabilities (CVE-2012-{4142,4143,...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	http://www.opera.com/docs/changelogs/...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-08-02 12:24 UTC by Jeroen Roovers (RETIRED)
Modified:	2012-09-25 21:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Roovers (RETIRED) gentoo-dev

2012-08-02 12:24:57 UTC

= Security =
 - Re-fixed an issue where certain URL constructs could allow arbitrary code
   execution, as reported by Andrey Stroganov; see our advisory[1]
 - Fixed an issue where certain characters in HTML could incorrectly be ignored,
   which could facilitate XSS attacks; see our advisory[2]
 - Fixed another issue where small windows could be used to trick users into
   executing downloads as reported by Jordi Chancel; see our advisory[3]
 - Fixed an issue where an element's HTML content could be incorrectly returned
   without escaping, bypassing some HTML sanitizers; see our advisory[4]
 - Fixed a low severity issue, details will be disclosed at a later date

[1] http://www.opera.com/support/kb/view/1016/
[2] http://www.opera.com/support/kb/view/1026/
[3] http://www.opera.com/support/kb/view/1027/
[4] http://www.opera.com/support/kb/view/1025/

---

Arch teams, please test and mark stable:
=www-client/opera-12.01.1532
Stable KEYWORDS : amd64 x86

Comment 1 Agostino Sarubbo gentoo-dev

2012-08-02 13:02:17 UTC

amd64 stable

Comment 2 Jeff (JD) Horelick (RETIRED) gentoo-dev

2012-08-03 06:58:39 UTC

x86 stable

Comment 3 Sean Amoss (RETIRED) gentoo-dev

2012-08-03 11:43:12 UTC

Thanks, everyone. 

GLSA request filed.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2012-08-06 23:56:47 UTC

CVE-2012-4146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146):
  Opera before 12.01 allows remote attackers to cause a denial of service
  (application crash) via a crafted web site, as demonstrated by the Lenovo
  "Shop now" page.

CVE-2012-4145 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145):
  Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and
  before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and
  attack vectors, related to a "low severity issue."

CVE-2012-4144 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144):
  Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before
  12.01 on Mac OS X, does not properly escape characters in DOM elements,
  which makes it easier for remote attackers to bypass cross-site scripting
  (XSS) protection mechanisms via a crafted HTML document.

CVE-2012-4143 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143):
  Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before
  12.01 on Mac OS X, allows user-assisted remote attackers to trick users into
  downloading and executing arbitrary files via a small window for the
  download dialog, a different vulnerability than CVE-2012-1924.

CVE-2012-4142 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142):
  Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before
  12.01 on Mac OS X, ignores some characters in HTML documents in unspecified
  circumstances, which makes it easier for remote attackers to conduct
  cross-site scripting (XSS) attacks via a crafted document.

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2012-09-25 21:52:11 UTC

This issue was resolved and addressed in
 GLSA 201209-11 at http://security.gentoo.org/glsa/glsa-201209-11.xml
by GLSA coordinator Sean Amoss (ackle).