85232 2002-11-23 18:18 /56 rader/ Peter Bieringer <pb@bieringer.de>
Importerad: 2002-11-23 18:18 av Brevbäraren
Extern mottagare: Maillist full-disclosure <full-disclosure@lists.netsys.com>
Mottagare: Bugtraq (import) <2508>
Ärende: Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
------------------------------------------------------------
Hi,
sure very late, forgotten. This is not a real advisory but for
information, because problem was found during private usage.
Problem found with version
opera-6.03-20020813.3-shared-qt.i386.rpm
(perhaps older versions, too)
on a Red Hat Linux 7.3 fully updated system (time around August)
Used squid version: 2.4.STABLE6-6.7.3
Problem description:
In case of using Squid as HTTPS-proxy Opera crashes reproducable if a
HTTPS request was started to a site after (not by a global CA signed)
certificate was accepted:
URL tried: https://www.aerasec.de/
Without HTTPS-proxy (direct connection) Opera didn't crash.
Solution:
Upgrade to availible version 6.10 or later
History:
2002 Aug 19: first report to Opera to security at opera dot com
2002 Aug 20: first reaction
2002 Sep ??: provide core file, strace and captured packets
2002 Oct 04: reproduced by Opera, told that pre-release of 6.1 is ok
2002 Nov ??: 6.10 was released without this problem
They told me nothing about the reason of the problem, the
reproduction of the problem needs more time than their check that the
pre-release of 6.10 has no problems...
BTW: Sometimes the newer version of Opera (Linux, but also Window)
still crashes mostly on heavy usage of different SSL sites, has
someone else such experiences made?
Peter
---
Dr. Peter Bieringer
mailto: pb at bieringer dot de
http://www.bieringer.de/pb/
Key 0x958F422D : B501 24F4 9418 23E2 C0F3 F833 7B57 AA7B 958F 422D
(85232) /Peter Bieringer <pb@bieringer.de>/---------
Bilaga (application/pgp-signature) i text 85233
85233 2002-11-23 18:18 /8 rader/ Peter Bieringer <pb@bieringer.de>
Importerad: 2002-11-23 18:18 av Brevbäraren
Extern mottagare: Maillist full-disclosure <full-disclosure@lists.netsys.com>
Mottagare: Bugtraq (import) <2509>
Bilaga (text/plain) till text 85232
Ärende: Bilaga till: Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE93ArGe1eqe5WPQi0RAuZiAKCTzVvPGVDLQKpBL7UxBiM5NlbPowCeIoFh
ic55V8+RqVNY9OCA04Mwkxs=
=lB3s
-----END PGP SIGNATURE-----
(85233) /Peter Bieringer <pb@bieringer.de>/---------