GLSA-200609-18 : Opera: RSA signature forgery
Medium Nessus Plugin ID 22469
Synopsis
The remote Gentoo host is missing one or more security-related patches.

Description
The remote host is affected by the vulnerability described in GLSA-200609-18 (Opera: RSA signature forgery).
Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.
An attacker could forge certificates which will appear valid and signed by a trusted CA.
There is no known workaround at this time.
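A PKCS #1 v1.5 verifier must reject any decoded signature block that is not byte-for-byte the expected encoding. The following is an added example, not code from OpenSSL, Opera or this advisory: it contrasts a parser-style check that never looks past the digest (the laxness assumed here for illustration) with an encode-and-compare check. All function names and sample values are constructed, and `em` stands for the k-byte result of the RSA public-key operation on a signature.

```python
import hashlib
import hmac

# ASN.1 DigestInfo prefix for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_em(message: bytes, k: int, pad_len=None, trailer: bytes = b"") -> bytes:
    """Build a PKCS #1 v1.5 block. pad_len/trailer exist only to build test inputs."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if pad_len is None:
        pad_len = k - len(t) - 3          # padding fills the whole block
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t + trailer

def lax_verify(em: bytes, message: bytes) -> bool:
    """Parser-style check: walks left to right and stops after the digest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:  # skip padding of any length
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return em[i + 1 : i + 1 + len(t)] == t  # bytes after the digest are never examined

def strict_verify(em: bytes, message: bytes, k: int) -> bool:
    """Encode-and-compare: rebuild the one valid block and compare every byte."""
    if len(em) != k:
        return False
    return hmac.compare_digest(em, encode_em(message, k))

K = 256                                   # bytes in a 2048-bit modulus (constructed)
MSG = b"constructed sample message"
GOOD = encode_em(MSG, K)                  # well-formed block
# Constructed negative test vector: short padding, digest, then filler up to K bytes.
T_LEN = len(SHA1_PREFIX) + hashlib.sha1().digest_size
BAD = encode_em(MSG, K, pad_len=8, trailer=b"\xaa" * (K - 3 - 8 - T_LEN))

if __name__ == "__main__":
    for name, em in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "lax:", lax_verify(em, MSG), "strict:", strict_verify(em, MSG, K))
```
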

Solution
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/opera-9.02'