Bug 8162

Summary: [Update Request]Update opera to latest stable version to fix several security problems
Product: Mageia Reporter: Funda Wang <fundawang>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.opera.com/docs/changelogs/unified/1211/
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Source RPM: opera-12.11-1.mga2 CVE:
Status comment:

Description Funda Wang 2012-11-20 10:41:58 CET 
The opera package prior to 12.11 contains several security problems:

* HTTP response heap buffer overflow can allow execution of arbitrary code.
  http://www.opera.com/support/kb/view/1036/

* Error pages can be used to guess local file paths.
  http://www.opera.com/support/kb/view/1037/

Opera has been updated to 12.11 to fix above problems.
Funda Wang 2012-11-20 10:42:21 CET

Whiteboard: (none) => MGA1TOO

Comment 1 Dave Hodgins 2012-11-20 20:02:37 CET 
Testing complete on Mageia 1 and 2, i586 and x86-64.

Could someone from the sysadmin team push the srpm
opera-12.11-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates and the srpm
opera-12.11-1.mga1.nonfree.src.rpm
from Mageia 1 Nonfree Updates Testing to Nonfree Updates.

Advisory: The opera package prior to 12.11 contains several security problems:

* HTTP response heap buffer overflow can allow execution of arbitrary code.
  http://www.opera.com/support/kb/view/1036/

* Error pages can be used to guess local file paths.
  http://www.opera.com/support/kb/view/1037/

Opera has been updated to 12.11 to fix above problems.

https://bugs.mageia.org/show_bug.cgi?id=8162

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK

Comment 2 Thomas Backlund 2012-11-21 21:09:37 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0337

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 3 James Kerr 2012-11-26 05:36:23 CET 
Opera 12.11 needs to be pushed from testing to updates on Mageia 2. (It has been pushed on Mageia 1 only.)
Comment 4 claire robinson 2012-11-26 10:39:52 CET 
Confirmed.

$ ./depcheck opera
Mageia release 2 (Official) for x86_64
------------------
Nonfree Release
opera-11.64-1.mga2.nonfree
------------------
Nonfree Updates
opera-12.00-1.1.mga2.nonfree
opera-12.01-1.mga2.nonfree
opera-12.02-1.mga2.nonfree
opera-12.10-1.1.mga2.nonfree
------------------
Nonfree Updates Testing
opera-12.11-1.mga2.nonfree
------------------
Manuel Hiebel 2012-11-26 12:44:29 CET

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 5 Thomas Backlund 2012-11-26 15:16:27 CET 
Oops. Sorry about that, and thanks for notifying us.

opera-12.11 pushed for Mga2

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED