Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 261032 - <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{0914,0915,0916})
Summary: <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.opera.com/support/kb/view/...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-03 10:06 UTC by Christian Faulhammer (RETIRED)
Modified: 2009-03-17 11:15 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Faulhammer (RETIRED) gentoo-dev 2009-03-03 10:06:50 UTC
Our old friend Tavis Ormandy discovered the following:

"Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code."

Opera rates this as Extremely Severe

jer, please provide an ebuild
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-03-03 10:19:37 UTC
CC'ing jer ;)
Comment 2 Jeroen Roovers gentoo-dev 2009-03-03 13:47:17 UTC
opera-9.64.ebuild is in the tree.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-03-03 14:30:44 UTC
Arches, please test and mark stable:
=www-client/opera-10.00_pre4166
Target keywords : "amd64 ppc x86"
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-03-03 17:08:56 UTC
(In reply to comment #3)
> Arches, please test and mark stable:
> =www-client/opera-10.00_pre4166

Obviously wrong, the target is
=www-client/opera-9.64
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-04 18:33:36 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2009-03-04 19:58:06 UTC
ppc stable
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2009-03-07 09:04:06 UTC
x86 stable, all arches done, please proceed to GLSA.
Comment 8 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-03-07 09:16:39 UTC
Request filed
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-16 23:55:55 UTC
GLSA 200903-30, thanks everyone.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:10:08 UTC
CVE-2009-0914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0914):
  Opera before 9.64 allows remote attackers to execute arbitrary code
  via a crafted JPEG image that triggers memory corruption.

CVE-2009-0915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0915):
  Opera before 9.64 allows remote attackers to conduct cross-domain
  scripting attacks via unspecified vectors related to plug-ins.

CVE-2009-0916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0916):
  Unspecified vulnerability in Opera before 9.64 has unknown impact and
  attack vectors, related to a "moderately severe issue."

Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2009-03-17 11:15:10 UTC
I have added the CVE-2009-0914 reference to GLSA 200903-30. No need to send it again, and no need to process the other assigned CVEs.