Mailinglist Archive: opensuse-security-announce (26 mails)

< Previous Next >
[security-announce] openSUSE-SU-2013:0129-1: important: Recommended to 12.10
openSUSE Security Update: Recommended to 12.10
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0129-1
Rating: important
References: #788321
Affected Products:
openSUSE 11.4/standard/i586/patchinfo.7
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

Fixed security issues:
-an issue that could cause Opera not to correctly check for
certificate revocation;
-an issue where CORS requests could incorrectly retrieve
contents of cross origin pages;
-an issue where data URIs could be used to facilitate
Cross-Site Scripting;
-a high severity issue, as reported by Gareth Heyes;
details will be disclosed at a later date
-an issue where specially crafted SVG images could allow
execution of arbitrary code;
-a moderate severity issue, as reported by the Google
Security Group; details will be disclosed at a later date

Full changelog available at:
http://www.opera.com/docs/changelogs/unix/1210


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4/standard/i586/patchinfo.7:

zypper in -t patch 2012-3

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4/standard/i586/patchinfo.7 (i586 x86_64):

opera-12.10-36.1
opera-gtk-12.10-36.1
opera-kde4-12.10-36.1


References:

https://bugzilla.novell.com/788321

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages