Bug 387137 (CVE-2011-4065) - <www-client/opera-11.52.1100: Nested SVG Content Processing Code Execution Vulnerability (CVE-2011-4065)
Status: RESOLVED FIXED
Alias: CVE-2011-4065
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/46375/
Whiteboard: B2 [glsa]
Duplicates: 387141 387527
Reported: 2011-10-14 16:40 UTC by Sean Amoss (RETIRED)
Modified: 2012-06-15 17:41 UTC
Description Sean Amoss (RETIRED) gentoo-dev Security 2011-10-14 16:40:10 UTC
From Secunia Advisory at $URL:

"Jose A. Vazquez has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing SVG content nested within a frameset and can be exploited via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

This may be related to:
SA44611

The vulnerability is confirmed in version 11.51 Build 1087. Other versions may also be affected."
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-14 21:53:57 UTC
*** Bug 387141 has been marked as a duplicate of this bug. ***
Comment 2 Agostino Sarubbo gentoo-dev 2011-10-18 12:47:27 UTC
*** Bug 387527 has been marked as a duplicate of this bug. ***
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2011-10-19 09:08:52 UTC
Arch teams, please test and mark stable:
=www-client/opera-11.52.1100
Target KEYWORDS="amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-10-19 10:59:37 UTC
amd64 ok
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-10-19 11:40:56 UTC
ditto Ago
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-10-19 20:50:03 UTC
amd64 done. Thanks Agostino and Ian
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-10-22 07:17:28 UTC
x86 stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-10-22 13:50:25 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-29 14:18:50 UTC
From MITRE CVE Request:

http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html
is CVE-2011-4065. The CVE-2011-4065 name has been assigned since October.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 17:41:24 UTC
This issue was resolved and addressed in
 GLSA 201206-03 at http://security.gentoo.org/glsa/glsa-201206-03.xml
by GLSA coordinator Sean Amoss (ackle).