Opera fails to correctly verify certain signatures.
| Package | www-client/opera on all architectures | 
|---|---|
| Affected versions | < 9.02 | 
| Unaffected versions | >= 9.02 | 
Opera is a multi-platform web browser.
Opera makes use of OpenSSL, which fails to correctly verify PKCS #1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates with exponent 3.
An attacker could forge certificates which will appear valid and signed by a trusted CA.
There is no known workaround at this time.
All Opera users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-9.02"
      Release date
      
      September 28, 2006
    
      Latest revision
      
      September 28, 2006: 02
    
      Severity
      
      normal
    
      Exploitable
      
      remote
    
Bugzilla entries