Mailinglist Archive: opensuse-updates (57 mails)

< Previous Next >
openSUSE-SU-2010:0422-1 (moderate): opera: cross-origin loading of CSS stylesheets
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Thu, 22 Jul 2010 19:08:22 +0200 (CEST)
  • Message-id: <20100722170822.39356BE29@xxxxxxxxxxxxxx>
openSUSE Security Update: opera: cross-origin loading of CSS stylesheets
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0422-1
Rating: moderate
References: #583620 #607823 #615942
Cross-References: CVE-2010-0653
Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available. It includes one version update.

Description:

Opera was upgraded to the 10.60 release.

It brings lots of new features, bugfixes and security fixes.

Security fixes include: CVE-2010-0653: Opera permits
cross-origin loading of CSS style sheets even when the
style sheet download has an incorrect MIME type and the
style sheet document is malformed, which allows remote HTTP
servers to obtain sensitive information via a crafted
document.

CVE-2010-1993: Opera 9.52 does not properly handle an
IFRAME element with a mailto: URL in its SRC attribute,
which allows remote attackers to cause a denial of service
(resource consumption) via an HTML document with many
IFRAME elements.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch opera-2681

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 x86_64) [New Version: 10.60]:

opera-10.60-0.1.1


References:

http://support.novell.com/security/cve/CVE-2010-0653.html
https://bugzilla.novell.com/583620
https://bugzilla.novell.com/607823
https://bugzilla.novell.com/615942


< Previous Next >
This Thread
  • No further messages