Bug 415379

Summary: <www-client/opera-11.64.1403: buffer overflow in URL constructs (CVE-2012-3561)
Product: Gentoo Security
Reporter: Jeroen Roovers (RETIRED) <jer>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.opera.com/support/kb/view/1016/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2012-05-10 14:25:21 UTC
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
 = Advisory: Certain URL constructs can allow arbitrary code execution =
 =  Severity
 =   Critical 
 = Description 

 Certain page address (URL) constructs can cause Opera to allocate the wrong amount of memory for storing the address. When it then attempts to store the address, it will overwrite unrelated memory with attacker-controlled data. This can lead to a crash, which may also execute that data as code.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Arch teams, please test and mark stable:
=www-client/opera-11.64.1403
Target KEYWORDS="amd64 x86"
Comment 1 Maurizio Camisaschi (amd64 AT) 2012-05-10 21:15:14 UTC
amd64 ok
Comment 2 Elijah "Armageddon" El Lazkani (amd64 AT) 2012-05-10 23:07:01 UTC
amd64: pass

Can repoman output be fixed/hidden?
  RDEPEND.badindev
   www-client/opera/opera-11.64.1403.ebuild: ~x86-fbsd(default/bsd/fbsd/x86/8.2) ['sys-apps/util-linux']
Comment 3 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-05-11 05:43:55 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-05-11 07:30:17 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2012-05-11 07:32:22 UTC
@security go ahead with glsa


@jer removed vulnerable version.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-05-11 17:16:27 UTC
Thanks, folks. Added to existing GLSA request.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2012-05-12 14:17:49 UTC
(In reply to comment #5)
> @jer removed vulnerable version.

Er, no, you did that. Please leave that to maintainers next time, and don't lie about it.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:10:11 UTC
CVE-2012-3561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561):
  Opera before 11.64 does not properly allocate memory for URL strings, which
  allows remote attackers to execute arbitrary code or cause a denial of
  service (memory corruption and application crash) via a crafted string.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:41:37 UTC
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).