[security-announce] openSUSE-SU-2013:0129-1: important: Recommended to 12.10

[news 28]

openSUSE Security Update: Recommended to 12.10

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:0129-1

Rating: important

References: #788321

Affected Products:

openSUSE 11.4/standard/i586/patchinfo.7

______________________________________________________________________________

 

An update that contains security fixes can now be installed.

 

Description:

 

Fixed security issues:

-an issue that could cause Opera not to correctly check for

certificate revocation;

-an issue where CORS requests could incorrectly retrieve

contents of cross origin pages;

-an issue where data URIs could be used to facilitate

Cross-Site Scripting;

-a high severity issue, as reported by Gareth Heyes;

details will be disclosed at a later date

-an issue where specially crafted SVG images could allow

execution of arbitrary code;

-a moderate severity issue, as reported by the Google

Security Group; details will be disclosed at a later date

 

Full changelog available at:

http://www.opera.com/docs/changelogs/unix/1210

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 11.4/standard/i586/patchinfo.7:

 

zypper in -t patch 2012-3

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 11.4/standard/i586/patchinfo.7 (i586 x86_64):

 

opera-12.10-36.1

opera-gtk-12.10-36.1

opera-kde4-12.10-36.1

 

 

References:

 

https://bugzilla.novell.com/788321

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org