creffett 14/06/15 00:26:11 Added: glsa-201406-14.xml Log: GLSA 201406-14
Revision Changes Path 1.1 xml/htdocs/security/en/glsa/glsa-201406-14.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201406-14.xml?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201406-14.xml?rev=1.1&content-type=text/plain Index: glsa-201406-14.xml =================================================================== <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?> <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd";> <glsa id="201406-14"> <title>Opera: Multiple vulnerabilities</title> <synopsis>Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. </synopsis> <product type="ebuild">opera</product> <announced>June 15, 2014</announced> <revised>June 15, 2014: 1</revised> <bug>442044</bug> <bug>444040</bug> <bug>446096</bug> <bug>454654</bug> <access>local, remote</access> <affected> <package name="www-client/opera" auto="yes" arch="*"> <unaffected range="ge">12.13_p1734</unaffected> <vulnerable range="lt">12.13_p1734</vulnerable> </package> </affected> <background> <p>Opera is a fast web browser that is available free of charge.</p> </background> <description> <p>Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. </p> </description> <impact type="normal"> <p>A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information, conduct Cross-Site Scripting (XSS) attacks, or bypass security restrictions. </p> <p>A local attacker may be able to obtain sensitive information.</p> </impact> <workaround> <p>There is no known workaround at this time.</p> </workaround> <resolution> <p>All Opera users should upgrade to the latest version:</p> <code> # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.13_p1734" </code> </resolution> <references> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6461";>CVE-2012-6461</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6462";>CVE-2012-6462</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6463";>CVE-2012-6463</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6464";>CVE-2012-6464</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6465";>CVE-2012-6465</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6466";>CVE-2012-6466</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6467";>CVE-2012-6467</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6468";>CVE-2012-6468</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6469";>CVE-2012-6469</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6470";>CVE-2012-6470</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6471";>CVE-2012-6471</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6472";>CVE-2012-6472</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1618";>CVE-2013-1618</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1637";>CVE-2013-1637</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1638";>CVE-2013-1638</uri> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1639";>CVE-2013-1639</uri> </references> <metadata tag="requester" timestamp="Tue, 13 Nov 2012 00:45:56 +0000">ackle</metadata> <metadata tag="submitter" timestamp="Sun, 15 Jun 2014 00:23:54 +0000">ackle</metadata> </glsa>
