FreeBSD : opera -- multiple vulnerabilities (a4a809d8-25c8-11e1-b531-00215c6a37bb) (BEAST)

Critical Nessus Plugin ID 57294

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera software reports :

- Fixed a moderately severe issue; details will be disclosed at a later date

- Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory

- Improved handling of certificate revocation corner cases

- Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory

- Fixed an issue where the JavaScript 'in' operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?21e02e7d

http://www.nessus.org/u?ab850084

http://www.nessus.org/u?2a634c7c

http://www.nessus.org/u?7de99597

Plugin Details

Severity: Critical

ID: 57294

File Name: freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl

Version: 1.14

Type: local

Published: 2011/12/14

Updated: 2019/10/16

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/13

Vulnerability Publication Date: 2011/12/06

Reference Information

CVE: CVE-2011-3389, CVE-2011-4681, CVE-2011-4682, CVE-2011-4683