Bug 261032

Summary: <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{0914,0915,0916})
Product: Gentoo Security
Reporter: Christian Faulhammer (RETIRED) <fauli>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: jer
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.opera.com/support/kb/view/926/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Christian Faulhammer (RETIRED) gentoo-dev 2009-03-03 10:06:50 UTC
Our old friend Tavis Ormandy discovered the following:

"Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code."

Opera rates this as Extremely Severe

jer, please provide an ebuild
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-03 10:19:37 UTC
CC'ing jer ;)
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2009-03-03 13:47:17 UTC
opera-9.64.ebuild is in the tree.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-03-03 14:30:44 UTC
Arches, please test and mark stable:
=www-client/opera-10.00_pre4166
Target keywords : "amd64 ppc x86"
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-03-03 17:08:56 UTC
(In reply to comment #3)
> Arches, please test and mark stable:
> =www-client/opera-10.00_pre4166

Obviously wrong, the target is
=www-client/opera-9.64
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-04 18:33:36 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2009-03-04 19:58:06 UTC
ppc stable
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2009-03-07 09:04:06 UTC
x86 stable, all arches done, please proceed to GLSA.
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-07 09:16:39 UTC
Request filed
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-16 23:55:55 UTC
GLSA 200903-30, thanks everyone.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:10:08 UTC
CVE-2009-0914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0914):
  Opera before 9.64 allows remote attackers to execute arbitrary code
  via a crafted JPEG image that triggers memory corruption.

CVE-2009-0915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0915):
  Opera before 9.64 allows remote attackers to conduct cross-domain
  scripting attacks via unspecified vectors related to plug-ins.

CVE-2009-0916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0916):
  Unspecified vulnerability in Opera before 9.64 has unknown impact and
  attack vectors, related to a "moderately severe issue."

Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:15:10 UTC
I have added the CVE-2009-0914 reference to GLSA 200903-30. No need to send it again, and no need to process the other assigned CVEs.