openSUSE Security Update: opera: Upgrade to 10.60 release ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0368-1 Rating: moderate References: #583620 #607823 #615942 Cross-References: CVE-2010-0653 CVE-2010-1993 Affected Products: openSUSE 11.2 openSUSE 11.1 openSUSE 11.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. It includes one version update. Description: Opera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch opera-2673 - openSUSE 11.1: zypper in -t patch opera-2673 - openSUSE 11.0: zypper in -t patch opera-2673 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 x86_64) [New Version: 10.60]: opera-10.60-0.1.1 - openSUSE 11.1 (i586 ppc x86_64) [New Version: 10.60]: opera-10.60-0.1.1 - openSUSE 11.0 (i586 ppc x86_64) [New Version: 10.60]: opera-10.60-0.1 References: http://support.novell.com/security/cve/CVE-2010-0653.html http://support.novell.com/security/cve/CVE-2010-1993.html https://bugzilla.novell.com/583620 https://bugzilla.novell.com/607823 https://bugzilla.novell.com/615942