Gentoo Security Advisory GLSA 200311-02 (Opera) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200311-02.

Solution

Users are encouraged to perform an 'emerge sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws. Specific steps to upgrade: # emerge sync # emerge -pv '>=net-www/opera-7.22' # emerge '>=net-www/opera-7.22' # emerge clean http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200311-02 http://bugs.gentoo.org/show_bug.cgi?id=31775 http://www.atstake.com/research/advisories/2003/a102003-1.txt

Insight

Buffer overflows exist in Opera 7.11 and 7.20 that can cause Opera to crash, and can potentially overwrite arbitrary bytes on the heap leading to a system compromise.

Severity

Classification

CVE CVE-2003-0870

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-05 (Apache)
Gentoo Security Advisory GLSA 200407-09 (MoinMoin)
Gentoo Security Advisory GLSA 200409-15 (Usermin)
Gentoo Security Advisory GLSA 200311-02 (Opera)
Gentoo Security Advisory GLSA 200404-08 (automake)

Take action and discover your vulnerabilities