Bug 6934

Summary: Security update request for opera, to 12.01
Product: Mageia Reporter: Anssi Hannula <anssi.hannula>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, fundawang, stormi-mageia, sysadmin-bugs, tmb
Version: 2Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Source RPM: opera CVE:
Status comment:

Description Anssi Hannula 2012-08-02 16:36:36 CEST 
Opera 12.01 has been pushed to mga1+mga2 nonfree/updates_testing by funda.

Suggested advisory
===================
Opera 12.01 fixes several security and stability issues found in previous
versions.

Re-fixed an issue where certain URL constructs could allow arbitrary code execution, as reported by Andrey Stroganov (Critical severity).
http://www.opera.com/support/kb/view/1016/

Fixed an issue where certain characters in HTML could incorrectly be ignored, which could facilitate XSS attacks (High severity).
http://www.opera.com/support/kb/view/1026/

Fixed another issue where small windows could be used to trick users into executing downloads as reported by Jordi Chancel (High severity).
http://www.opera.com/support/kb/view/1027/

Fixed an issue where an element's HTML content could be incorrectly returned without escaping, bypassing some HTML sanitizers (High severity).
http://www.opera.com/support/kb/view/1025/

An undisclosed low severity issue has also been fixed.

For a complete list of changes including the non-security fixes, see
http://www.opera.com/docs/changelogs/unix/120/
====================

Packages:
opera-12.01-1.mga1.nonfree
opera-12.01-1.mga2.nonfree
Comment 1 Anssi Hannula 2012-08-02 16:37:34 CEST 
The URL in the last line of advisory should read:
http://www.opera.com/docs/changelogs/unix/1201/
Samuel Verschelde 2012-08-02 22:18:13 CEST

CC: (none) => stormi
Component: RPM Packages => Security

Comment 2 Dave Hodgins 2012-08-03 02:08:30 CEST 
Does this package fix the missing requires from Bug 6529?
libgstautodetect.so
libgstogg.so
libgsttheora.so
libgstvorbis.so
libgstwavparse.so
If it does, then this will be affected by bug 2317.

CC: (none) => davidwhodgins

Comment 3 Dave Hodgins 2012-08-03 02:49:42 CEST 
Testing complete on Mageia 2 x86-64 using email, nntp, rss, general
web browsing, flash and a java applet.

I'll test Mageia 2 i586 shortly.

Whiteboard: (none) => MGA1TOO MGA2-64-OK

Comment 4 Dave Hodgins 2012-08-03 03:25:29 CEST 
Testing complete on Mageia 2 i586.

I'll test Mageia 1 x86-64 shortly.

Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO MGA2-64-OK MGA2-32-OK

Comment 5 Dave Hodgins 2012-08-03 03:46:48 CEST 
Testing complete on Mageia 1 x86-64.

The depcheck script confirms that bug 6529 has not been fixed in this
security update.

I'll test Mageia 1 i586 shortly.

Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK

Comment 6 Dave Hodgins 2012-08-03 04:05:05 CEST 
Testing complete.

Could someone from the sysadmin team push the srpm
opera-12.01-1.mga2.nonfree
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
opera-12.01-1.mga1.nonfree
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory: Opera 12.01 fixes several security and stability issues found
in previous versions.

Re-fixed an issue where certain URL constructs could allow arbitrary code
execution, as reported by Andrey Stroganov (Critical severity).
http://www.opera.com/support/kb/view/1016/

Fixed an issue where certain characters in HTML could incorrectly be ignored,
which could facilitate XSS attacks (High severity).
http://www.opera.com/support/kb/view/1026/

Fixed another issue where small windows could be used to trick users into
executing downloads as reported by Jordi Chancel (High severity).
http://www.opera.com/support/kb/view/1027/

Fixed an issue where an element's HTML content could be incorrectly returned
without escaping, bypassing some HTML sanitizers (High severity).
http://www.opera.com/support/kb/view/1025/

An undisclosed low severity issue has also been fixed.

For a complete list of changes including the non-security fixes, see
http://www.opera.com/docs/changelogs/unix/120/

https://bugs.mageia.org/show_bug.cgi?id=6934

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 7 Thomas Backlund 2012-08-03 23:05:03 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0197

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED