Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 113239 - www-client/opera: 8.51 is out with security fix
Summary: www-client/opera: 8.51 is out with security fix
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: C2? [glsa]
: 113237 (view as bug list)
Depends on:
Reported: 2005-11-22 04:02 UTC by ollonois
Modified: 2005-12-18 07:09 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

opera-8.51.ebuild (opera-8.51.ebuild,3.92 KB, text/plain)
2005-11-22 11:38 UTC, Jeroen Roovers (RETIRED)
no flags Details
opera-8.51.ebuild (opera-8.51.ebuild,3.92 KB, text/plain)
2005-11-22 11:53 UTC, Jeroen Roovers (RETIRED)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description ollonois 2005-11-22 04:02:18 UTC
Updated Opera's wrapper script to not run commands included with URLs passed
from other applications. Vulnerability reported in Secunia Advisory 16907.

* Note that the update also modifies behavior for passed URLs, which will no
longer work if quoted. That is, openURL( will work,
openURL('') will not.

Reproducible: Always
Steps to Reproduce:
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-11-22 04:09:57 UTC
Please, make Bug 113237 public. It's announced at - can't see any reason why this should not
be public here. 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-11-22 04:49:31 UTC
"The vulnerability is caused due to the shell script used to launch Opera
parsing shell commands that are enclosed within backticks in the URL provided
via the command line. This can e.g. be exploited to execute arbitrary shell
commands by tricking a user into following a malicious link in an external
application which uses Opera as the default browser."

Ccing maintainer.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2005-11-22 11:38:03 UTC
Created attachment 73390 [details]
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2005-11-22 11:41:09 UTC
(In reply to comment #3)
> Created an attachment (id=73390) [edit]
> opera-8.51.ebuild

Oops. Patch files/opera-qt.2.patch fails..

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2005-11-22 11:53:03 UTC
Created attachment 73392 [details]

Patch doesn't apply it seems... Not Qt workaround (qtrc) appears in the opera
script at all. And 8.51 works fine without it.
Comment 6 Heinrich Wendel (RETIRED) gentoo-dev 2005-11-22 12:09:01 UTC
I currently have no possibility to commit anything. 
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2005-11-22 12:13:13 UTC
(In reply to comment #6)
> I currently have no possibility to commit anything. 

I can do it if you approve that ebuild...
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2005-11-22 12:33:07 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > I currently have no possibility to commit anything. 
> I can do it if you approve that ebuild...

On second thoughts, I assume your comment means you wanted it commited, so it's 
in CVS now...

Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-22 13:01:00 UTC
Arches please test and mark stable. 
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-11-22 13:18:07 UTC
sparc stable.
Comment 11 Luis Medinas (RETIRED) gentoo-dev 2005-11-22 15:19:52 UTC
stable on amd64
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-11-23 04:35:24 UTC
*** Bug 113237 has been marked as a duplicate of this bug. ***
Comment 13 Chris White (RETIRED) gentoo-dev 2005-11-23 08:36:34 UTC
x86 stable. 
Comment 14 Denilson Sá Maia 2005-11-24 12:47:19 UTC
Not stable yet. Ebuild must be fixed:

# USE=static emerge -v opera
[some 404 not found errors on some mirrors]
!!! Digest verification Failed:
!!!    /usr/portage/distfiles/opera-8.51-20051114.1-static-qt.i386-en.tar.bz2
!!! Reason: Filesize does not match recorded size

(using x86 arch)
Comment 15 Chris White (RETIRED) gentoo-dev 2005-11-24 22:11:22 UTC
The archives in the digest and those on the opera mirrors don't match indeed.  I 
didn't notice as I was using the shared version.  I've contacted opera in a bug 
report regarding the matter to verify it's our issue and not a corrupted archive 
on their site (hackers :/).  Once I get a response I'll update this bug from 
Comment 16 Thierry Carrez (RETIRED) gentoo-dev 2005-11-25 00:24:39 UTC
Can an Opera user double-check that we are indeed affected ?

There was a similar thing for Firefox but our Gentoo-specific wrapper made us
unaffected. I don't want to issue a GLSA while we don't have the vulnerability :)
Comment 17 Baby Smurf 2005-11-26 19:12:32 UTC

Comment 18 Andrej Kacian (RETIRED) gentoo-dev 2005-11-26 19:20:56 UTC
(In reply to comment #17)
> LOL!!!

This is not a forum, please refrain from such useless comments next time. Thank 
Comment 19 Markku 2005-11-27 00:56:34 UTC
I think has a quite good
explanation for ebuild problem.
Comment 20 Chris White (RETIRED) gentoo-dev 2005-11-27 02:01:02 UTC
digests fixed, x86 marked stable still.
Comment 21 Joe Jezak (RETIRED) gentoo-dev 2005-11-27 11:32:39 UTC
Marked ppc stable.
Comment 22 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-27 12:13:01 UTC
All stable. Let's verify wether our wrapper script is affected too before 
taking any GLSA decision. 
Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-12-09 06:48:42 UTC
Any Opera user could check if we are vulnerable to this ?
Comment 24 Thierry Carrez (RETIRED) gentoo-dev 2005-12-12 06:49:07 UTC
lanius: could you confirm if we use the common Opera wrapper, which would make
us vulnerable to this flaw ?
Comment 25 Heinrich Wendel (RETIRED) gentoo-dev 2005-12-12 08:09:18 UTC
we use the common wrapper 
Comment 26 Thierry Carrez (RETIRED) gentoo-dev 2005-12-13 05:44:28 UTC
I tend to vote yes.
Comment 27 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-14 04:22:08 UTC
I tend to vote YES too. 
Comment 28 Thierry Carrez (RETIRED) gentoo-dev 2005-12-15 04:23:45 UTC
So let's do a GLSA.
Comment 29 Thierry Carrez (RETIRED) gentoo-dev 2005-12-18 07:09:43 UTC
GLSA 200512-10