[Frugalware-security] [ FSA-248 ] opera
noreply at frugalware.org
Thu Aug 16 03:02:41 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Frugalware Security Advisory FSA-248
Vulnerable versions: <= 9.20-1terminus1
Unaffected versions: >= 9.22-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2266
1) Robert Swiecki has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct spoofing attacks.
The vulnerability is caused due to an error in the handling of the "data:" URI scheme. This can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar when a user follows a specially crafted link.
2) A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system
The vulnerability is caused due to Opera using already freed memory when parsing BitTorrent headers and can lead to an invalid object pointer being dereferenced. This can be exploited to execute arbitrary code, when the user is tricked into clicking on a specially crafted BitTorrent file and then removes it via a right-click from the download pane.
Check if you have opera installed:
# pacman-g2 -Q opera
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy opera
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
-----END PGP SIGNATURE-----
More information about the Frugalware-security