From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200811-01.xml | 126 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 metadata/glsa/glsa-200811-01.xml (limited to 'metadata/glsa/glsa-200811-01.xml') diff --git a/metadata/glsa/glsa-200811-01.xml b/metadata/glsa/glsa-200811-01.xml new file mode 100644 index 000000000000..aeb07e92a4b5 --- /dev/null +++ b/metadata/glsa/glsa-200811-01.xml @@ -0,0 +1,126 @@ + + + + Opera: Multiple vulnerabilities + + Multiple vulnerabilities have been discovered in Opera, allowing for the + execution of arbitrary code. + + opera + 2008-11-03 + 2008-11-03: 01 + 235298 + 240500 + 243060 + 244980 + remote + + + 9.62 + 9.62 + + + +

+ Opera is a fast web browser that is available free of charge. +

+ + +

+ Multiple vulnerabilities have been discovered in Opera: +

+
    +
  • Opera does not restrict the ability of a framed web page to change + the address associated with a different frame (CVE-2008-4195).
    • +
  • Chris Weber (Casaba Security) discovered a Cross-site scripting + vulnerability (CVE-2008-4196).
    • +
  • Michael A. Puls II discovered + that Opera can produce argument strings that contain uninitialized + memory, when processing custom shortcut and menu commands + (CVE-2008-4197).
    • +
  • Lars Kleinschmidt discovered that Opera, when + rendering an HTTP page that has loaded an HTTPS page into a frame, + displays a padlock icon and offers a security information dialog + reporting a secure connection (CVE-2008-4198).
    • +
  • Opera does not + prevent use of links from web pages to feed source files on the local + disk (CVE-2008-4199).
    • +
  • Opera does not ensure that the address + field of a news feed represents the feed's actual URL + (CVE-2008-4200).
    • +
  • Opera does not check the CRL override upon + encountering a certificate that lacks a CRL (CVE-2008-4292).
    • +
  • Chris (Matasano Security) reported that Opera may crash if it is + redirected by a malicious page to a specially crafted address + (CVE-2008-4694).
    • +
  • Nate McFeters reported that Opera runs Java + applets in the context of the local machine, if that applet has been + cached and a page can predict the cache path for that applet and load + it from the cache (CVE-2008-4695).
    • +
  • Roberto Suggi Liverani + (Security-Assessment.com) reported that Opera's History Search results + does not escape certain constructs correctly, allowing for the + injection of scripts into the page (CVE-2008-4696).
    • +
  • David + Bloom reported that Opera's Fast Forward feature incorrectly executes + scripts from a page held in a frame in the outermost page instead of + the page the JavaScript URL was located (CVE-2008-4697).
    • +
  • David + Bloom reported that Opera does not block some scripts when previewing a + news feed (CVE-2008-4698).
    • +
  • Opera does not correctly sanitize + content when certain parameters are passed to Opera's History Search, + allowing scripts to be injected into the History Search results page + (CVE-2008-4794).
    • +
  • Opera's links panel incorrectly causes + scripts from a page held in a frame to be executed in the outermost + page instead of the page where the URL was located + (CVE-2008-4795).
    • +
+ + +

+ These vulnerabilties allow remote attackers to execute arbitrary code, + to run scripts injected into Opera's History Search with elevated + privileges, to inject arbitrary web script or HTML into web pages, to + manipulate the address bar, to change Opera's preferences, to determine + the validity of local filenames, to read cache files, browsing history, + and subscribed feeds or to conduct other attacks. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All Opera users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/opera-9.62" + + + CVE-2008-4195 + CVE-2008-4196 + CVE-2008-4197 + CVE-2008-4198 + CVE-2008-4199 + CVE-2008-4200 + CVE-2008-4292 + CVE-2008-4694 + CVE-2008-4695 + CVE-2008-4696 + CVE-2008-4697 + CVE-2008-4698 + CVE-2008-4794 + CVE-2008-4795 + + + keytoaster + + + keytoaster + + -- cgit v1.2.3