1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200609-18 / opera |
| Release Date | September 28, 2006 |
| Latest Revision | September 28, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-client/opera | < 9.02 | >= 9.02 | All supported architectures |
Related bugreports: #147838
Opera fails to correctly verify certain signatures.
Opera is a multi-platform web browser.
Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.
An attacker could forge certificates which will appear valid and signed by a trusted CA.
There is no known workaround at this time.
All Opera users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.02"
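The description notes that some trusted CA roots use an RSA public exponent of 3. As an added example (not part of the advisory, and not Gentoo or Opera tooling), the following Python code walks DER-encoded certificates and lists those whose RSA public exponent is 3, so a trust store can be audited for exposure. The function names, the `STORE` dictionary and the certificate-shaped sample data are constructed for illustration.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_public_exponent(der):
    """Return e from the first rsaEncryption SubjectPublicKeyInfo, else None."""
    queue = children(der)
    while queue:
        tag, val = queue.pop(0)
        kids = children(val) if tag & 0x20 else []  # only constructed elements nest
        # SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
        if [t for t, _ in kids] == [0x30, 0x03]:
            alg = children(kids[0][1])
            if alg and alg[0] == (0x06, RSA_OID):
                key = children(kids[1][1][1:])[0][1]  # skip unused-bits octet
                return int.from_bytes(children(key)[1][1], "big")
        queue.extend(kids)
    return None

def roots_with_exponent_3(store):
    """store maps a name to DER bytes; return the names whose RSA e is 3."""
    return sorted(k for k, der in store.items() if rsa_public_exponent(der) == 3)

# Constructed sample input: certificate-shaped DER with dummy fields, not real CA roots.
def tlv(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + size + body
def sample_cert(e, n=(1 << 1023) | 0x1234567):  # n is a placeholder modulus
    ints = b"".join(tlv(2, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    spki = tlv(0x30, tlv(0x30, tlv(6, RSA_OID) + tlv(5, b"")) + tlv(3, b"\0" + tlv(0x30, ints)))
    return tlv(0x30, tlv(0x30, tlv(2, b"\x01") + spki) + tlv(0x30, b"") + tlv(3, b"\0" * 9))
STORE = {"constructed-root-a": sample_cert(3), "constructed-root-b": sample_cert(65537)}
```

For real roots, convert each PEM file to DER with `ssl.PEM_cert_to_DER_cert` from the Python standard library before passing it to `rsa_public_exponent`.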