SUSE-SA:2006:038: opera

high Nessus Plugin ID 24418

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:038 (opera).

The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem:

- CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files.

If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code.

- CVE-2006-3331: Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

Solution

http://www.novell.com/linux/security/advisories/2006_38_opera.html

Plugin Details

Severity: High

ID: 24418

File Name: suse_SA_2006_038.nasl

Version: 1.10

Agent: unix

Family: SuSE Local Security Checks

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Detections

Analytics