
Bug 50857

Summary: net-www/opera : file creation/truncation vulnerability
Product: Gentoo Security
Reporter: Boris <1723542c42148b2fe4af9f7ad1e382b30d4b7fd7>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: bugs.gentoo.org, lanius, troworld
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.opera.com/
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: opera-7.50.ebuild.patch

Description Boris 2004-05-12 09:03:08 UTC
The final release of Opera 7.50 has been out since today. I patched the old opera-7.50_beta1.ebuild to install the new version.

Currently the main ftp-server is hard to reach, but mirrors are available on the website.

Reproducible: Always
Comment 1 Boris 2004-05-12 09:04:00 UTC
Created attachment 31273
opera-7.50.ebuild.patch
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2004-05-13 06:15:58 UTC
*** Bug 50920 has been marked as a duplicate of this bug. ***
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2004-05-13 06:18:29 UTC
Opera Telnet URI Handler File Creation/Truncation Vulnerability
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities&flashstatus=true
Comment 4 Boris 2004-05-13 10:28:13 UTC
An addition to the vulnerability:

The bug has been fixed since opera-7.50_beta1.
See the changelog for this: http://www.opera.com/windows/changelogs/750b1/
Comment 5 Johnny Franz 2004-05-14 08:34:32 UTC
Please please bump.
Comment 6 Heinrich Wendel (RETIRED) gentoo-dev 2004-05-14 13:49:26 UTC
already bumped it, forgot to make a change to the bug ;)
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-05-15 00:31:01 UTC
Reopened as a security bug to treat the Opera Telnet URI Handler File Creation/Truncation Vulnerability in v <= 7.50 GLSA.

amd64 : please add ~amd64
sparc : please mark stable
Comment 8 Jason Wever (RETIRED) gentoo-dev 2004-05-15 08:46:56 UTC
Opera-7.50 complains on both x86 and sparc that it cannot find a spellcheck.so to load when it starts (this library is provided by opera).  It doesn't appear to affect the browser itself much as you can still run it, but I haven't tested the mail components.  Do we want to try and fix this now or after the GLSA?
Comment 9 Jason Wever (RETIRED) gentoo-dev 2004-05-22 16:32:35 UTC
So do we care that opera cannot load the spellcheck library or not?
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-05-23 03:41:03 UTC
Heinrich: could you look into the spellcheck.so problem ?

If it's an easy fix, it would probably be better to have it in. If it's not, we'll probably mark stable this version so that the GLSA can get out...
Comment 11 Heinrich Wendel (RETIRED) gentoo-dev 2004-05-24 05:30:11 UTC
since it is a configuration issue and another bug is open for it, we can close this one if the other arches mark 7.50 stable
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-05-24 12:43:35 UTC
sparc : please retest with 7.50-r1 and mark stable, the spellcheck issue should be solved (see bug #51183).

Removing ppc and amd64 from Cc: since no stable flags are needed from them.
Comment 13 Jason Wever (RETIRED) gentoo-dev 2004-05-24 19:17:26 UTC
Marked stable on sparc.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2004-05-25 01:06:13 UTC
Thanks Jason !
This one is ready for a GLSA.
Comment 15 Kurt Lieber (RETIRED) gentoo-dev 2004-05-25 08:58:36 UTC
glsa 200405-19