Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
202
security advisorysoftware patchsecurity patchopenSUSE: 2022:10254-1 Important: Opera Critical Issues Update
An update that fixes 6 vulnerabilities is now available. . openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10254-1 Rating: important References: Cross-References: CVE-2022-4262 CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440 CVSS scores: CVE-2022-4262 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4436 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4437 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4438 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4439 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4440 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 94.0.4606.38 - CHR-9133 Update chromium on desktop-stable-108-4606 to 108.0.5359.125 - DNA-103624 Create JS API to open Search tabs feature - DNA-104004 Improve welcome pop-up - DNA-104053 Right mouse click open speed dial instead of context menu - DNA-104055 News article opens in active tab - DNA-104084 [Suggestion] Introduce a way to remove the Lucid Mode button - DNA-104089 No crashes reported in soccoro for Linux - The update to chromium 108.0.5359.125 fixes following issues: CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440 - Update to 94.0.4606.26 - CHR-9125 Update chromium on desktop-stable-108-4606 to 108.0.5359.99 - DNA-99207 WebUI popup/dropdown could be emptydue to lack of memory - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus on opened page when opening in new tab - DNA-103076 Release installer consent flow globally - DNA-103137 Fix positioning in Web UI component - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103540 Implement Autostart for Opera Desktop (except Poland) - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record "consent_given" stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Mode button to new design - DNA-103836 Translations for O94 - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103931 Wrong sidebar detection. - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-103949 Lucid Mode doesn't work in a private window - DNA-103959 Unable to scroll down on player home page - DNA-103962 [Settings] Remove "Safety Check" - DNA-104011 Turn on Lucid Mode on all streams - DNA-104052 Hide Lucid Mode video button on Google Meet - DNA-103930 Promote O94 to stable -The update to chromium 108.0.5359.99 fixes following issues: CVE-2022-4262 - Update to 93.0.4585.64 - DNA-102836 Make 1st screen of Consent Popup a little taller to have more space under "You can adjust your choices" label - DNA-102934 Turn on building testlist on GOTH instead of Buildbot - DNA-102969 On some pages search popup don't work - DNA-103053 Put consent flow settings in separate feature flag - DNA-103054 Update consent settings to new design - DNA-103062 Add opauto tests for consent flow settings - DNA-103099 Set testlist_from in testlist generating script - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103296 Force dark page break QR code in whats app - DNA-103298 Stat for recording adblock whitelist is not sent in every session - DNA-103522 Missing translations for IDS_CONSENT_FLOW_DATA_DESC_INTERESTS - DNA-103526 search popup doesn't recognize some currencies shortcut - DNA-103530 Replace icons in sidebar setup - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record "consent_given" stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Modebutton to new design - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-104011 Turn on Lucid Mode on all streams Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2022-10254=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-94.0.4606.38-lp154.2.35.1 References: https://www.suse.com/security/cve/CVE-2022-4262.html https://www.suse.com/security/cve/CVE-2022-4436.html https://www.suse.com/security/cve/CVE-2022-4437.html https://www.suse.com/security/cve/CVE-2022-4438.html https://www.suse.com/security/cve/CVE-2022-4439.html https://www.suse.com/security/cve/CVE-2022-4440.html . Vital openSUSE Security Patch for Firefox tackles five severe vulnerabilities. Guarantees safety and reliability for all users.. openSUSE Security Update, Opera Browser Issues, Software Patching. . Severity: Important. LinuxSecurity.com Team
Dec 31, 2022
•Important
OpenSUSE
202
security advisoryimportant issueopenSUSEopenSUSE Leap 15.4: 2022:10239-1 Important Opera Browser Issue
An update that fixes 5 vulnerabilities is now available. . openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10239-1 Rating: important References: Cross-References: CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVSS scores: CVE-2022-3885 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3887 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3889 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to 93.0.4585.37 - DNA-102885 Turn on #sidebar-autohide on all streams - DNA-103020 Turn on #start-page-redesign on developer - DNA-103042 Fix import from Firefox - DNA-103222 [Speed Dial Suggestions] All opera.com subpages suggestions lead to the opera.com homepage - DNA-103368 TikTok videos starting to play automaticly - DNA-103535 Startpage preview is not visible - DNA-103665 Reduce Tik Tok pane width Changes in 93.0.4585.21 - CHR-9067 Update chromium on desktop-stable-107-4585 to 107.0.5304.110 - DNA-102365 Turn off opera://dify-cards page - DNA-102689 [GX] Create GX widgets section in Easy Setup - DNA-102768 [Easy setup] Sidebar options not animated - DNA-102872 No animation for opening sidebar while sidebar is closing - DNA-102929 [Weather][Private window] Weather widget appears in private window - DNA-103032 Messenger sidebar icon doesnât look great - DNA-103046 Opera crash with flag âwith-feature:sidebar-autohide=off - DNA-103107 Automatic video popout for popular sports sites â World Cup - DNA-103310 hideOperaObject() in browser.js stopped working on public builds - DNA-103320 Crash at chrome::FindBrowserByType(absl::optional) - DNA-103321 Tab preview causes freeze when dragging tabs - DNA-103375 [Workspaces] Crash at absl::raw_log_internal:: RawLog(absl::LogSeverity, char const*, int, char const*, â¦) - DNA-103395 Remove unused resources - DNA-103396 Internal translations - The update to chromium 107.0.5304.110 fixes following issues: CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, CVE-2022-3888, CVE-2022-3889, CVE-2022-3889 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2022-10239=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-93.0.4585.37-lp154.2.32.1 References: https://www.suse.com/security/cve/CVE-2022-3885.html https://www.suse.com/security/cve/CVE-2022-3886.html https://www.suse.com/security/cve/CVE-2022-3887.html https://www.suse.com/security/cve/CVE-2022-3888.html https://www.suse.com/security/cve/CVE-2022-3889.html . This latest Debian security update tackles 6 critical vulnerabilities in the firefox browser, accompanied by detailed patch guidelines.. openSUSE Security Update, opera browser, important issues, software patch. . Severity: Important. LinuxSecurity.com Team
Dec 09, 2022
•Important
OpenSUSE
202
security advisorysecurity issuesoftware fixopenSUSE Leap 15.2 Important Security Update for Opera Browser
An update that fixes 6 vulnerabilities is now available. . openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2360-1 Rating: important References: Cross-References: CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 CVE-2020-16041 CVE-2020-16042 Affected Products: openSUSE Leap 15.2:NonFree ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to version 73.0.3856.284 - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88 - DNA-88454 Background of snap area above visible scrolled viewport is not captured - DNA-89749 Implement client_capabilities support for Flow / Sync - DNA-89810 Opera no longer autoselects full url/address bar when clicked - DNA-89923 [Snap] Emojis look grayed out - DNA-90060 Make gesture events work with search-in-tabs feature - DNA-90168 Display SD suggestions titles - DNA-90176 Player doesn???t show music service to choose on Welcome page - DNA-90343 [Mac] Cmd+C doesn???t copy snapshot - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042 - Update to version 73.0.3856.257 - DNA-89918 #enable-force-dark flag doesn???t work anymore - DNA-90061 Clicking on video???s progress bar breaks autopausing - DNA-90079 [BigSur] Blank pages - DNA-90154 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - Complete Opera 73.0 changelog at: https://blogs.opera.com/desktop/changelog-for-73/ Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2:NonFree: zypper in -t patch openSUSE-2020-2360=1 Package List: - openSUSE Leap 15.2:NonFree (x86_64): opera-73.0.3856.284-lp152.2.27.1 References: https://www.suse.com/security/cve/CVE-2020-16037.html https://www.suse.com/security/cve/CVE-2020-16038.html https://www.suse.com/security/cve/CVE-2020-16039.html https://www.suse.com/security/cve/CVE-2020-16040.html https://www.suse.com/security/cve/CVE-2020-16041.html https://www.suse.com/security/cve/CVE-2020-16042.html . This significant patch for Fedora addresses 5 security flaws in Firefox, leading to enhanced safety and optimized functionality.. openSUSE Security, Opera Browser Fixes, Important Updates. . Severity: Important. LinuxSecurity.com Team
Dec 29, 2020
•Important
OpenSUSE
202
security advisorycritical issuesoftware updateopenSUSE: 2020:2183-1 Critical: Opera Browser Update for Security Issues
An update that fixes two vulnerabilities is now available.. --===============2964663105413608225= Announcement ID: openSUSE-SU-2020:2178-1 Rating: important References: Cross-References: CVE-2020-16013 CVE-2020-16017 Affected Products: openSUSE Leap 15.2:NonFree openSUSE Leap 15.1:NonFree ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to version 72.0.3815.400 - DNA-88996 [Mac] Vertical spacing of sidebar items incorrect - DNA-89698 [Mac] text on bookmark bar not visible when application is not focused - DNA-89746 Add product-name switch to Opera launcher and installer - DNA-89779 Implement multi-window behavior for pinned Player - DNA-89924 Music continue to play after the disabling Player from Sidebar - DNA-89994 Fix progress bar shape and color - DNA-89995 Fix font sizes, weights and colors of text in control panel - DNA-90010 Payment Methods in Settings mention Google account - DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController window:willPositionSheet:usingRect:] - DNA-90025 Player stays in the autopause after reloading panel ??? part 2 - DNA-90096 Sidebar click stat not collected for Player - DNA-90143 Adding a stat for Player sidebar clicks to the Avro schema - Update to version 72.0.3815.378 - CHR-8192 Update chromium on desktop-stable-86-3815 to 86.0.4240.198 - DNA-86550 XHRUint8Array test time out - DNA-88631 Unintended volume drop - DNA-88708 [Snap] Inproper area snapped - DNA-88726 [Mac] Overlay ???pause??? icon when Opera auto-pauses the Player - DNA-88903 Detach video button should not be visible - DNA-88938 Make home page reflect service configuration - DNA-88943 Learnmore link on home page doesnt work - DNA-88944 Apple Music service slow to open - DNA-88948 Fetch audio focus request id from MediaSession - DNA-88949 Detach video button missing - DNA-88966 No accessiblity titles for services icons in home page - DNA-88967 Investigate creating a single BrowserSidebarModel instance - DNA-88995 Overlay ???pause??? is displayed when it shouldn???t - DNA-89017 Error when signing out of YouTube Music - DNA-89054 Audio is not resumed when muting audio in tab - DNA-89094 DCHECK when pressing Reload button - DNA-89095 Manage service data through PlayerService - DNA-89100 [Player] Crash ??? many scenarios - DNA-89187 Reload button doesn???t work properly - DNA-89189 Update icons and buttons - DNA-89217 Enable #player-service on developer stream - DNA-89220 SidebarCarouselTests.* failing - DNA-89230 Crash at v8::Context::Enter() - DNA-89244 Define default widths per service - DNA-89245 Improve Spotify logo layout in home page buttons - DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews ::UpdatePlayerService() - DNA-89278 [Sidebar] No notification for downloads and workspaces - DNA-89285 [Engine] Unable to launch skype with Opera - DNA-89292 Do not block page loads waiting for sitecheck data - DNA-89316 Should be able to navigate directly to playerServices section in settings - DNA-89339 Make popup appear with tooltip-like behavior - DNA-89340 Implement control panel looks in light and dark mode - DNA-89341 Make the control panel buttons work - DNA-89342 Add support for the DNA to the rollout system - DNA-89344 Show Music Service icon in the control panel - DNA-89360 Make ???Settings??? menu entry go to settings - DNA-89366 Make opera://feedback/babe attachable by the webdriver - DNA-89419 Crash at base::Value::GetAsDictionary (base::DictionaryValue const**) const - DNA-89469 Autopause does not work - DNA-89477 Do not wait with starting the player if the interrupting session is short - DNA-89480 Crash when hovering player panel - DNA-89484 Crash at base::internal::CheckedObserverAdapter ::IsMarkedForRemoval() - DNA-89489 Put control panel behind feature flag - DNA-89514 Implement feedback button for Player - DNA-89516 Do not auto-pause the Player when there is no sound - DNA-89553 Make the control panel show current song - DNA-89557 No accessibility title for rating and close buttons inside feedback dialog - DNA-89561 Make the control panel show artwork that represents current track - DNA-89575 Handle longer track and artist names - DNA-89577 Make progress bar work correctly - DNA-89630 Controler pop-up is too high (and service logo too) - DNA-89634 Panel width is reset when it shouldn???t - DNA-89654 Request higher resolution images for HiDPI - DNA-89655 Enable #player-service-control-panel on Developer stream - DNA-89671 No accessiblity titles for control panel elements - DNA-89672 String change ???A world of music?????? - DNA-89679 Player ??? don???t show control panel when Player in sidebar is opened - DNA-89722 Album cover arts are not visible - DNA-89766 Address bar does not respond to actions - DNA-89776 Control panel does not disappear after hovering elsewhere - DNA-89778 Implement multi-window behavior when no Player is pinned - DNA-89795 Player is enable after Opera restart (when in Settings was turned off) - DNA-89803 Artwork is cropped to the right - DNA-89812 Sidebar panel should hide when toggle between windows - DNA-89820 Incorrect music services for Philippines - DNA-89846 Do not show the control panel if there is nothing to show - DNA-89878 Clarify notification dot for messengers - DNA-89901 [Mac][Player] Zombie crash at exit -DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews ::LoadPlayerServiceURL() - DNA-89964 Player stays in the autopause after reloading panel - DNA-89971 Multi window behaviour is not respected anymore - DNA-89976 Disallow docking for Player - DNA-89986 Enable #player-service and #player-service-control-panel on all streams - DNA-90006 Change services order in RU/UA/BY - The update to chromium 86.0.4240.198 fixes following issues: CVE-2020-16013, CVE-2020-16017 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2:NonFree: zypper in -t patch openSUSE-2020-2178=1 - openSUSE Leap 15.1:NonFree: zypper in -t patch openSUSE-2020-2178=1 Package List: - openSUSE Leap 15.2:NonFree (x86_64): opera-72.0.3815.400-lp152.2.24.1 - openSUSE Leap 15.1:NonFree (x86_64): opera-72.0.3815.400-lp151.2.36.1 References: https://www.suse.com/security/cve/CVE-2020-16013.html https://www.suse.com/security/cve/CVE-2020-16017.html . This report outlines significant security flaws in the openSUSE distribution of the Opera web browser, emphasizing essential patches and updates.. openSUSE Opera Update, security advisory, critical web browser fix. . Severity: Critical. LinuxSecurity.com Team
Dec 06, 2020
•Critical
OpenSUSE
202
security advisorysecurity issuepatchopenSUSE 12.1: 2012:0610-1 Important: Opera Security Fixes
An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available. An update that fixes 8 vulnerabilities is now available.. openSUSE Security Update: opera to 11.62 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0610-1 Rating: important References: #754687 Cross-References: CVE-2012-1924 CVE-2012-1925 CVE-2012-1926 CVE-2012-1927 CVE-2012-1928 CVE-2012-1929 CVE-2012-1930 CVE-2012-1931 Affected Products: openSUSE 12.1 openSUSE 11.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: The Opera web browser was updated to 11.62 fixing various bugs and security issues. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-270 - openSUSE 11.4: zypper in -t patch openSUSE-2012-270 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): opera-11.62-9.1 opera-gtk-11.62-9.1 opera-kde4-11.62-9.1 - openSUSE 11.4 (i586 x86_64): opera-11.62-16.1 opera-gtk-11.62-16.1 opera-kde4-11.62-16.1 References: https://www.suse.com/security/cve/CVE-2012-1924.html https://www.suse.com/security/cve/CVE-2012-1925.html https://www.suse.com/security/cve/CVE-2012-1926.html https://www.suse.com/security/cve/CVE-2012-1927.html https://www.suse.com/security/cve/CVE-2012-1928.html https://www.suse.com/security/cve/CVE-2012-1929.html https://www.suse.com/security/cve/CVE-2012-1930.html https://www.suse.com/security/cve/CVE-2012-1931.html . Make sure your openSUSE 12.1 and 11.4 installations are upgraded to Opera browserversion 11.62 to resolve 8 major vulnerabilities.. openSUSE Security Fix, Opera Update, Patch Release. . Severity: Important. LinuxSecurity.com Team
May 11, 2012
•Important
OpenSUSE
91
security advisorysoftware updategentoo linuxGentoo: GLSA-200708-17 Normal: Opera Arbitrary Code Execution
Opera contain several vulnerabilities, some of which may allow the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200708-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: August 22, 2007 Bugs: #185497, #188987 ID: 200708-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Opera contain several vulnerabilities, some of which may allow the execution of arbitrary code. Background ========= Opera is a multi-platform web browser. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 9.23 > = 9.23 Description ========== An error known as "a virtual function call on an invalid pointer" has been discovered in the JavaScript engine (CVE-2007-4367). Furthermore, iDefense Labs reported that an already-freed pointer may be still used under unspecified circumstances in the BitTorrent support (CVE-2007-3929). At last, minor other errors have been discovered, relative to memory read protection (Opera Advisory 861) and URI displays (CVE-2007-3142, CVE-2007-3819). Impact ===== A remote attacker could trigger the BitTorrent vulnerability by enticing a user into starting a malicious BitTorrent download, and execute arbitrary code through unspecified vectors. Additionally, a specially crafted JavaScript may trigger the "virtual function" vulnerability. The JavaScript engine can also access previously freed but uncleaned memory. Finally, a user can be fooled with atoo long HTTP server name that does not fit the dialog box, or a URI containing whitespaces. Workaround ========= There is no known workaround at this time for all these vulnerabilities. Resolution ========= All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-client/opera-9.23" References ========= [ 1 ] CVE-2007-3142 https://www.cve.org/CVERecord?id=CVE-2007-3142 [ 2 ] CVE-2007-3819 https://www.cve.org/CVERecord?id=CVE-2007-3819 [ 3 ] CVE-2007-3929 https://www.cve.org/CVERecord?id=CVE-2007-3929 [ 4 ] CVE-2007-4367 https://www.cve.org/CVERecord?id=CVE-2007-4367 [ 5 ] Opera Advisory 861 https://www.opera.com:443/help Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200708-17 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Aug 23, 2007
Gentoo
100
security advisorysecurity updateremote code executionSUSE: 2006-061 moderate security issue: Opera remote code exploit
The web browser Opera has been updated to fix 2 security problems. The web browser Opera has been updated to fix 2 security problems. CVE-2006-4339: Opera was affected by the RSA signature checking problem found in openssl, since it is statically linked against openssl. CVE-2006-4819: A URL tag parsing heap overflow in Opera could be used to potentially execute code. 2) Solution or Work-Around. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: opera Announcement ID: SUSE-SA:2006:061 Date: Thu, 19 Oct 2006 15:00:00 +0000 Affected Products: SUSE LINUX 10.1 SUSE LINUX 10.0 SUSE LINUX 9.3 SUSE LINUX 9.2 Vulnerability Type: remote code execution Severity (1-10): 6 SUSE Default Package: no Cross-References: CVE-2006-4339, CVE-2006-4819 Content of This Advisory: 1) Security Vulnerability Resolved: opera 9.02 security update Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The web browser Opera has been updated to fix 2 security problems. CVE-2006-4339: Opera was affected by the RSA signature checking problem found in openssl, since it is statically linked against openssl. CVE-2006-4819: A URL tag parsing heap overflow in Opera could be used to potentially execute code. 2) Solution or Work-Around There is no knownworkaround, please install the update packages. 3) Special Instructions and Notes Please restart opera after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: SUSE LINUX 10.1: bbe5562b99cffe3a119bde51790b1df2 SUSE LINUX 10.0: cc729c73ad71905a459a7edc96800650 SUSE LINUX 9.3: b260206533c37162f109dfbda92ff3f0 SUSE LINUX 9.2: 2a31bb95736260317f7477e9b8931335 Power PC Platform: SUSE LINUX 10.1: 18b38416f249013a2f59347544ac2014 x86-64 Platform: SUSE LINUX 10.1: 172d73602edb94383433e5e94aa98199 SUSE LINUX 10.0: 6ce6083ff6e048a234ee7fcb80e6959d SUSE LINUX 9.3: a361e2fed980e34ecabead4611a4e77e SUSE LINUX 9.2: c19e7b64b6178e60c16e1ca13987e51a Sources: SUSE LINUX 10.1: 0dea4c75b3ca67aa1f58bf8e01839940 SUSE LINUX 10.0: 3ad94cd2f274dcb715aa2b2a793a1c9f SUSE LINUX 9.3: 0a087988fd89c9110c36a442aa082e55 SUSE LINUX 9.2: c5623509df2496d6da42cce781f555ab ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are publishedvia mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
Oct 19, 2006
SuSE
91
security advisorygentoonormal severityGentoo GLSA-202310-09 Critical: RSA Forgery in Opera Browser
Opera fails to correctly verify certain signatures.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200609-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Opera: RSA signature forgery Date: September 28, 2006 Bugs: #147838 ID: 200609-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Opera fails to correctly verify certain signatures. Background ========= Opera is a multi-platform web browser. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/opera < 9.0.2 > = 9.0.2 Description ========== Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3. Impact ===== An attacker could forge certificates which will appear valid and signed by a trusted CA. Workaround ========= There is no known workaround at this time. Resolution ========= All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-client/opera-9.0.2" References ========= [ 1 ] Opera Advisory https://www.opera.com:443/help [ 2 ] GLSA 200609-05 https://security.gentoo.org/glsa/200609-05 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200609-18 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuringthe confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Sep 28, 2006
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!