openSUSE Security Update: Opera update to 12.14 version ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:0289-1 Rating: moderate References: #801233 Cross-References: CVE-2013-1618 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: Opera was updated to 12.14 version fixing stability issues. This update also consists updates for Opera 12.13 which is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -CVE-2013-1618: Fixed a TLS information leak. -fixed an issue where CORS requests could omit the preflight request; Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2013-113 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): opera-12.14-38.1 opera-gtk-12.14-38.1 opera-kde4-12.14-38.1 References: http://support.novell.com/security/cve/CVE-2013-1618.html https://bugzilla.novell.com/801233