[32501] in bugtraq
GLSA: opera (200311-02)
daemon@ATHENA.MIT.EDU (Rajiv Aaron Manglani)
Thu Nov 20 12:18:39 2003
Mime-Version: 1.0
Message-Id: <a05210609bbe21f96ae10@[10.96.0.12]>
Date: Thu, 20 Nov 2003 02:44:23 -0500
To: bugtraq@securityfocus.com
From: Rajiv Aaron Manglani <rajiv@gentoo.org>
Content-Type: text/plain; charset="us-ascii"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
- ---------------------------------------------------------------------------
GLSA: 200311-02
package: net-www/opera
summary: Buffer overflows in Opera 7.11 and 7.20
severity: high
Gentoo bug: 31775
date: 2003-11-19
CVE: CAN-2003-0870
exploit: local / remote
affected: =7.11
affected: =7.20
fixed: >=7.21
DESCRIPTION:
The Opera browser can cause a buffer allocated on the heap to overflow under
certain HREFs when rendering HTML. The mail system is also deemed vulnerable
and an attacker can send an email containing a malformed HREF, or plant the
malicious HREF on a web site.
Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for
further details.
SOLUTION:
Users are encouraged to perform an 'emerge --sync' and upgrade the package to
the latest available version. Opera 7.22 is recommended as Opera 7.21 is
vulnerable to other security flaws. Specific steps to upgrade:
emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQE/vG7lnt0v0zAqOHYRAiqZAJ0SkxOXShPDgAKDnSpQcJAwp39ysQCbBMwN
Tv2P8JB4G1UihepXXX9fW8U=
=YHh4
-----END PGP SIGNATURE-----
