Opera update seals security holes

A new version of Opera, released Friday, fixes two vulnerabilities in the Web browser.

The vulnerabilities, disclosed to the BugTraq security mailing list over the weekend, allow rogue Web sites to take control of a victim's computer by exploiting weaknesses in the way the browser handles "skin" files, or configuration files that can change the look of a program.

An advisory, written by Jouko Pynnonen of Finland, describes scenarios that would allow an attacker to seize control of systems running Opera, all of which require some degree of user interaction to be successfully exploited.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"In order to be exploited, these vulnerabilities require the victim to visit a Web page created by a malicious user," he wrote.

Though Pynnonen says one vulnerability affects Windows systems only, the second vulnerability, a buffer overflow, will allow an attacker to take control of Linux-based systems.

"The directory traversal problem doesn't exist on Linux...Other versions weren't tested," the advisory read, noting also that "the buffer overflow can be produced on Linux, too."

The new version of the Opera browser is available on the Web site of Norway-based Opera Software.

ZDNet Australia's Patrick Gray reported from .