| Summary: | www-client/opera < 9.52 Multiple vulnerabilities (CVE-2008-{4195,4196,4197,4198,4199,4200,4292}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://www.opera.com/docs/changelogs/linux/952/ | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2008-08-20 14:59:27 UTC
An ebuild is in the tree and the package.mask entry has been removed. Feel free to proceed with stabilisation.

Arches, please test and mark stable:
=www-client/opera-9.52
Target keywords : "amd64 ppc sparc x86"

I know, no sparc :-)

I don't think I can agree to this bug's Severity being "minor".

* Sites can no longer change framed content on other sites [...] - Highly Severe
* Fixed an issue that could allow cross-site scripting [...] - [as yet unknown]
* Custom shortcuts no longer pass the wrong parameters to applications [...] - Moderately Severe
* Prevented insecure pages from showing incorrect security information [...] - Less Severe
* Feed links can no longer link to local files [...] - Less Severe
* Feed subscription can no longer cause the wrong page address to be displayed [...] - Not Severe

The first of them should warrant expedient stabilisation and a matching Severity setting on this bug report.

Stable flash stopped working in opera-9.52 here on amd64. :(

Okay, had to remerge netscape-flash. :)

amd64 stable

I agree about the severity thing. It's much more critical imo.

Stable on x86

(In reply to comment #4)
> I don't think I can agree to this bug's Severity being "minor".

The severity is a direct result of the status B3 ('Global service compromise: denial of service, passwords or full database leaks'), please refer to section 3 of the vulnerability treatment policy for details:
http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3

Any higher rating (B1/B2) would mean that an attacker could leverage any of these vulnerabilities to execute code with or without user assistance.

(In reply to comment #7)
> Stable on x86

Please read http://devmanual.gentoo.org/keywording/ to find out what "stable on x86" means in Gentoo parlance.

(In reply to comment #8)
> (In reply to comment #4)
> > I don't think I can agree to this bug's Severity being "minor".
>
> The severity is a direct result of the status B3 ('Global service compromise:
> denial of service, passwords or full database leaks'), please refer to section
> 3 of the vulnerability treatment policy for details:
> http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3

Ah, I wasn't aware of that. Thanks.

x86 stable

ppc stable and ready for glsa voting

<www-client/opera-9.52 removed from the tree, except where package.masked.

I vote YES.

I vote yes.

yes too, request filed.

CVE-2008-4195 Sites can change framed content on other sites
CVE-2008-4196 cross-site scripting
CVE-2008-4197 Custom shortcuts
CVE-2008-4198 insecure pages show incorrect security information
CVE-2008-4199 Feed links can link to local files
CVE-2008-4200 feed subscription can cause the wrong page address to be displayed

CVE-2008-4195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4195):
Opera before 9.52 does not properly restrict the ability of a framed web page to change the address associated with a different frame, which allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script.

CVE-2008-4196 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4196):
Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2008-4197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4197):
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

CVE-2008-4198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4198):
Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays a padlock icon and offers a security information dialog reporting a secure connection, which might allow remote attackers to trick a user into performing unsafe actions on the http page.

CVE-2008-4199 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4199):
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

CVE-2008-4200 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4200):
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.

CVE-2008-4292 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4292):
Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, which has unknown impact and attack vectors. NOTE: it is not clear whether this is a vulnerability, but the vendor included it in a security section of the advisory.

GLSA 200811-01, thanks everyone and sorry about the delay.