openSUSE Security Update: opera to 12.10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1481-1 Rating: important References: #788321 Affected Products: openSUSE 12.2 openSUSE 12.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This Opera 12.10 security update fixes following security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate Cross-Site Scripting; -a high severity issue, as reported by Gareth Heyes; details will be disclosed at a later date -an issue where specially crafted SVG images could allow execution of arbitrary code; -a moderate severity issue, as reported by the Google Security Group; details will be disclosed at a later date Full changelog available at: http://www.opera.com/docs/changelogs/unix/1210 Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.2: zypper in -t patch openSUSE-2012-777 - openSUSE 12.1: zypper in -t patch openSUSE-2012-777 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.2 (i586 x86_64): opera-12.10-6.1 opera-gtk-12.10-6.1 opera-kde4-12.10-6.1 - openSUSE 12.1 (i586 x86_64): opera-12.10-26.1 opera-gtk-12.10-26.1 opera-kde4-12.10-26.1 References: https://bugzilla.novell.com/788321 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org