Opera: buffer overflows in 7.11 and 7.20

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200311-02 / Opera
Release Date: November 19, 2003
Latest Revision: November 19, 2003: 01
Impact: high
Exploitable: local / remote

Package: www-client/opera
Vulnerable versions: = 7.20, = 7.11
Unaffected versions: >= 7.21
Architecture(s): All supported architectures

Related bugreports: #31775

Synopsis

Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash and can potentially overwrite arbitrary bytes on the heap, leading to a system compromise.

2.  Impact Information

Background

Opera is a multi-platform web browser.

Description

When rendering HTML, the Opera browser can overflow a buffer allocated on the heap while handling certain HREFs. The mail system is also deemed vulnerable: an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site.

Impact

Certain HREFs can cause a buffer allocated on the heap to overflow when rendering HTML. This can allow arbitrary bytes on the heap to be overwritten, which can result in a system compromise.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

Users are encouraged to perform an 'emerge sync' and upgrade the package to the latest available version. Opera 7.22 is recommended, as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv '>=www-client/opera-7.22'
# emerge '>=www-client/opera-7.22'
# emerge clean

4.  References



Page updated November 19, 2003

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address
