blob: d2d7fa35124a433fe97138f80184e01edfbbda0c [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200701-08">
<title>Opera: Two remote code execution vulnerabilities</title>
Two vulnerabilities may allow the execution of arbitrary code.
<product type="ebuild">opera</product>
<announced>January 12, 2007</announced>
<revised>January 12, 2007: 01</revised>
<package name="www-client/opera" auto="yes" arch="*">
<unaffected range="ge">9.10</unaffected>
<vulnerable range="lt">9.10</vulnerable>
Opera is a multi-platform web browser.
Christoph Deal discovered that JPEG files with a specially crafted DHT
marker can be exploited to cause a heap overflow. Furthermore, an
anonymous person discovered that Opera does not correctly handle
objects passed to the "createSVGTransformFromMatrix()" function.
<impact type="normal">
An attacker could potentially exploit the vulnerabilities to execute
arbitrary code with the privileges of the user running Opera by
enticing a victim to open a specially crafted JPEG file or a website
containing malicious JavaScript code.
The vendor recommends disabling JavaScript to avoid the
"createSVGTransformFromMatrix" vulnerability. There is no known
workaround for the other vulnerability.
All Opera users should update to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-client/opera-9.10&quot;</code>
<uri link="">Opera Advisory (createSVGTransformFromMatrix)</uri>
<uri link="">Opera Advisory (JPEG)</uri>
<uri link="">CVE-2007-0126</uri>
<uri link="">CVE-2007-0127</uri>
<metadata tag="requester" timestamp="Tue, 09 Jan 2007 12:37:33 +0000">
<metadata tag="bugReady" timestamp="Tue, 09 Jan 2007 12:37:44 +0000">
<metadata tag="submitter" timestamp="Tue, 09 Jan 2007 18:43:10 +0000">