261032 – <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{0914,0915,0916})

Bug 261032 - <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{0914,0915,0916})

Summary: <www-client/opera-9.64: Arbitrary code execution with JPEG images (CVE-2009-{...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.opera.com/support/kb/view/...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-03-03 10:06 UTC by Christian Faulhammer (RETIRED)
Modified:	2009-03-17 11:15 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Faulhammer (RETIRED) gentoo-dev

2009-03-03 10:06:50 UTC

Our old friend Tavis Ormandy discovered the following:

"Specially crafted JPEG images can cause Opera to corrupt memory and crash. Successful exploitation can lead to execution of arbitrary code."

Opera rates this as Extremely Severe

jer, please provide an ebuild

Comment 1 Alex Legler (RETIRED) archtester

2009-03-03 10:19:37 UTC

CC'ing jer ;)

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2009-03-03 13:47:17 UTC

opera-9.64.ebuild is in the tree.

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2009-03-03 14:30:44 UTC

Arches, please test and mark stable:
=www-client/opera-10.00_pre4166
Target keywords : "amd64 ppc x86"

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2009-03-03 17:08:56 UTC

(In reply to comment #3)
> Arches, please test and mark stable:
> =www-client/opera-10.00_pre4166

Obviously wrong, the target is
=www-client/opera-9.64

Comment 5 Tobias Heinlein (RETIRED) gentoo-dev

2009-03-04 18:33:36 UTC

amd64 stable

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2009-03-04 19:58:06 UTC

ppc stable

Comment 7 Christian Faulhammer (RETIRED) gentoo-dev

2009-03-07 09:04:06 UTC

x86 stable, all arches done, please proceed to GLSA.

Comment 8 Alex Legler (RETIRED) archtester

2009-03-07 09:16:39 UTC

Request filed

Comment 9 Tobias Heinlein (RETIRED) gentoo-dev

2009-03-16 23:55:55 UTC

GLSA 200903-30, thanks everyone.

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2009-03-17 11:10:08 UTC

CVE-2009-0914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0914):
  Opera before 9.64 allows remote attackers to execute arbitrary code
  via a crafted JPEG image that triggers memory corruption.

CVE-2009-0915 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0915):
  Opera before 9.64 allows remote attackers to conduct cross-domain
  scripting attacks via unspecified vectors related to plug-ins.

CVE-2009-0916 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0916):
  Unspecified vulnerability in Opera before 9.64 has unknown impact and
  attack vectors, related to a "moderately severe issue."

Comment 11 Robert Buchholz (RETIRED) gentoo-dev

2009-03-17 11:15:10 UTC

I have added the CVE-2009-0914 reference to GLSA 200903-30. No need to send it again, and no need to process the other assigned CVEs.