Summary: | <www-client/opera-11.64.1403: buffer overflow in URL constructs (CVE-2012-3561) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.opera.com/support/kb/view/1016/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2012-05-10 14:25:21 UTC
amd64 ok amd64: pass can repoman output be fixed/hidden ? RDEPEND.badindev www-client/opera/opera-11.64.1403.ebuild: ~x86-fbsd(default/bsd/fbsd/x86/8.2) ['sys-apps/util-linux'] x86 stable amd64 stable @security go ahead with glsa @jer removed vulnerable version. Thanks, folks. Added to existing GLSA request. (In reply to comment #5) > @jer removed vulnerable version. Er, no, you did that. Please leave that to maintainers next time, and don't lie about it. CVE-2012-3561 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561): Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. This issue was resolved and addressed in GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml by GLSA coordinator Sean Amoss (ackle). |