Opera: Multiple vulnerabilities — GLSA 201209-11

Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code.

Affected packages

www-client/opera on all architectures
Affected versions < 12.01.1532
Unaffected versions >= 12.01.1532

Background

Opera is a fast web browser that is available free of charge.

Description

Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to trick a user into downloading and executing files, conduct Cross-Site Scripting (XSS) attacks, spoof the address bar, or have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All Opera users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
 

References

Release date
September 25, 2012

Latest revision
September 25, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries