| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Nov 2003 02:44:23 -0500 From: Rajiv Aaron Manglani <rajiv@...too.org> To: bugtraq@...urityfocus.com Subject: GLSA: opera (200311-02) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02 - --------------------------------------------------------------------------- GLSA: 200311-02 package: net-www/opera summary: Buffer overflows in Opera 7.11 and 7.20 severity: high Gentoo bug: 31775 date: 2003-11-19 CVE: CAN-2003-0870 exploit: local / remote affected: =7.11 affected: =7.20 fixed: >=7.21 DESCRIPTION: The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site. Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for further details. SOLUTION: Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade: emerge --sync emerge '>=net-www/opera-7.22' emerge clean -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/vG7lnt0v0zAqOHYRAiqZAJ0SkxOXShPDgAKDnSpQcJAwp39ysQCbBMwN Tv2P8JB4G1UihepXXX9fW8U= =YHh4 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists