- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: June 15, 2012 Bugs: #264831, #283391, #290862, #293902, #294208, #294680, #308069, #324189, #325199, #326413, #332449, #348874, #352750, #367837, #373289, #381275, #386217, #387137, #393395, #409857, #415379, #421075 ID: 201206-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Opera, the worst of which allow for the execution of arbitrary code. Background ========== Opera is a fast web browser that is available free of charge. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 12.00.1467 >= 12.00.1467 Description =========== Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround ========== There is no known workaround at this time. Resolution ========== All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.00.1467" References ========== [ 1 ] CVE-2009-1234 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1234 [ 2 ] CVE-2009-2059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2059 [ 3 ] CVE-2009-2063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2063 [ 4 ] CVE-2009-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2067 [ 5 ] CVE-2009-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2070 [ 6 ] CVE-2009-3013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3013 [ 7 ] CVE-2009-3044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3044 [ 8 ] CVE-2009-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3045 [ 9 ] CVE-2009-3046 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3046 [ 10 ] CVE-2009-3047 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3047 [ 11 ] CVE-2009-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3048 [ 12 ] CVE-2009-3049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3049 [ 13 ] CVE-2009-3831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3831 [ 14 ] CVE-2009-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4071 [ 15 ] CVE-2009-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4072 [ 16 ] CVE-2010-0653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0653 [ 17 ] CVE-2010-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1349 [ 18 ] CVE-2010-1989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1989 [ 19 ] CVE-2010-1993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1993 [ 20 ] CVE-2010-2121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2121 [ 21 ] CVE-2010-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2421 [ 22 ] CVE-2010-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2455 [ 23 ] CVE-2010-2576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2576 [ 24 ] CVE-2010-2658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2658 [ 25 ] CVE-2010-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2659 [ 26 ] CVE-2010-2660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2660 [ 27 ] CVE-2010-2661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2661 [ 28 ] CVE-2010-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2662 [ 29 ] CVE-2010-2663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2663 [ 30 ] CVE-2010-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2664 [ 31 ] CVE-2010-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2665 [ 32 ] CVE-2010-3019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3019 [ 33 ] CVE-2010-3020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3020 [ 34 ] CVE-2010-3021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3021 [ 35 ] CVE-2010-4579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4579 [ 36 ] CVE-2010-4580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4580 [ 37 ] CVE-2010-4581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4581 [ 38 ] CVE-2010-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4582 [ 39 ] CVE-2010-4583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4583 [ 40 ] CVE-2010-4584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4584 [ 41 ] CVE-2010-4585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4585 [ 42 ] CVE-2010-4586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4586 [ 43 ] CVE-2011-0681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0681 [ 44 ] CVE-2011-0682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0682 [ 45 ] CVE-2011-0683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0683 [ 46 ] CVE-2011-0684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0684 [ 47 ] CVE-2011-0685 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0685 [ 48 ] CVE-2011-0686 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0686 [ 49 ] CVE-2011-0687 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0687 [ 50 ] CVE-2011-1337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1337 [ 51 ] CVE-2011-1824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1824 [ 52 ] CVE-2011-2609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2609 [ 53 ] CVE-2011-2610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2610 [ 54 ] CVE-2011-2611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2611 [ 55 ] CVE-2011-2612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2612 [ 56 ] CVE-2011-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2613 [ 57 ] CVE-2011-2614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2614 [ 58 ] CVE-2011-2615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2615 [ 59 ] CVE-2011-2616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2616 [ 60 ] CVE-2011-2617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2617 [ 61 ] CVE-2011-2618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2618 [ 62 ] CVE-2011-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2619 [ 63 ] CVE-2011-2620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2620 [ 64 ] CVE-2011-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2621 [ 65 ] CVE-2011-2622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2622 [ 66 ] CVE-2011-2623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2623 [ 67 ] CVE-2011-2624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2624 [ 68 ] CVE-2011-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2625 [ 69 ] CVE-2011-2626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2626 [ 70 ] CVE-2011-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2627 [ 71 ] CVE-2011-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2628 [ 72 ] CVE-2011-2629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2629 [ 73 ] CVE-2011-2630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2630 [ 74 ] CVE-2011-2631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2631 [ 75 ] CVE-2011-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2632 [ 76 ] CVE-2011-2633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2633 [ 77 ] CVE-2011-2634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2634 [ 78 ] CVE-2011-2635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2635 [ 79 ] CVE-2011-2636 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2636 [ 80 ] CVE-2011-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2637 [ 81 ] CVE-2011-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2638 [ 82 ] CVE-2011-2639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2639 [ 83 ] CVE-2011-2640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2640 [ 84 ] CVE-2011-2641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2641 [ 85 ] CVE-2011-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3388 [ 86 ] CVE-2011-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4065 [ 87 ] CVE-2011-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4681 [ 88 ] CVE-2011-4682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4682 [ 89 ] CVE-2011-4683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4683 [ 90 ] CVE-2012-1924 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1924 [ 91 ] CVE-2012-1925 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1925 [ 92 ] CVE-2012-1926 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1926 [ 93 ] CVE-2012-1927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1927 [ 94 ] CVE-2012-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1928 [ 95 ] CVE-2012-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1930 [ 96 ] CVE-2012-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1931 [ 97 ] CVE-2012-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3555 [ 98 ] CVE-2012-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3556 [ 99 ] CVE-2012-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3557 [ 100 ] CVE-2012-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3558 [ 101 ] CVE-2012-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3560 [ 102 ] CVE-2012-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5