Bug 240500

Summary: www-client/opera <9.60 - Multiple vulnerabilities (CVE-2008-4694,CVE-2008-4695)
Product: Gentoo Security
Reporter: Jeroen Roovers <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.opera.com/docs/changelogs/linux/960/#sec
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Jeroen Roovers gentoo-dev 2008-10-08 12:41:28 UTC
* Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory[1]
* Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory[2]

[1] http://www.opera.com/support/search/view/901/
[2] http://www.opera.com/support/search/view/902/

www-client/opera-9.60 fixes these and an ebuild is in the tree.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:51:52 UTC
Arches, please test and mark stable:
=www-client/opera-9.60
Target keywords : "amd64 ppc sparc x86"
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-10-08 15:52:56 UTC
no sparc, as usual.
Comment 3 Markus Meier gentoo-dev 2008-10-09 20:13:37 UTC
amd64/x86 stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-10-11 17:59:54 UTC
ppc stable
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2008-10-13 18:57:32 UTC
GLSA together with bug 235298.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-10-22 18:03:42 UTC
CVE-2008-4694 code execution using redirects to crafted addresses
CVE-2008-4695 Java applets cache file read
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-03 19:01:41 UTC
GLSA 200811-01, thanks everyone and sorry about the delay.