Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Gentoo GLSA 200512-10 Normal: Opera Command-Line URL Injection Risk

gentoo
Calendar Grey December 18, 2005
Scroller Gentoo
The Gentoo Linux security team warns of a critical command injection vulnerability in Opera, urging users to update to patched versions immediately for safety
Lack of URL validation in Opera command-line wrapper could be abused to execute arbitrary commands.

Summary

Gentoo Linux Security Advisory GLSA 200512-10 https://security.gentoo.org/ Severity: Normal Title: Opera: Command-line URL shell command injection Date: December 18, 2005 Bugs: #113239 ID: 200512-10

Synopsis ======= Lack of URL validation in Opera command-line wrapper could be abused to execute arbitrary commands.
Background ========= Opera is a multi-platform web browser.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 8.51 >= 8.51
========== Peter Zelezny discovered that the shell script used to launch Opera parses shell commands that are enclosed within backticks in the URL provided via the command line.
Impact ===== A remo...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround