Opera fails to correctly verify certain signatures.
| Package | www-client/opera on all architectures |
| Affected versions | < 9.02 |
| Unaffected versions | >= 9.02 |
Opera is a multi-platform web browser.
Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.
An attacker could forge certificates which will appear valid and signed by a trusted CA.
There is no known workaround at this time.
All Opera users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/opera-9.02"
September 28, 2006
September 28, 2006: 02