Version 11.60 of Opera has been released and closes three security holes in the web browser. Code-named "Tunny", the update addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD. A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript "in" operator, have also been fixed.
Assigned to the package maintainer.
Keywords: (none) => TriagedAssignee: bugsquad => anssi.hannula
opera-11.60-1.mga1 pushed to nonfree/updates_testing Suggested advisory =================== Opera 11.60 fixes several security issues found in Opera 11.52 and earlier and provides other fixes and new features. Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains. http://www.opera.com/support/kb/view/1003/ Improved handling of certificate revocation corner cases. Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo. http://www.opera.com/support/kb/view/1004/ Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom. http://www.opera.com/support/kb/view/1005/ Additionally, a moderately severe undisclosed issue was fixed. References: http://www.opera.com/docs/changelogs/unix/1160/ ==================== Please test.
Status: NEW => ASSIGNEDCC: (none) => anssi.hannulaAssignee: anssi.hannula => qa-bugs
The program is working, but the menu entry doesn't show up.
Testing x86_64 Flash OK Java OK Email OK - They've added date groupings. The menu icon shows for me Dave in KDE, I haven't checked in Gnome yet. Uninstalled too in case it was left over from the previous version and verified it added the menu entry. Which desktop are you using?
I've checked both kde and gnome, and the menu entry for opera itself does not show up in either, on my i586 system. The entry for the opera widget manager shows up under tools/system tools, but not the entry for the browser.
It's present for me x86_64 in both KDE and gnome. I'll try i586 tomorrow and see if it's missing here too.
Dave, did it work with the previous version? The menu entry file and the icon files of 11.60 are identical to those of 11.52.
Found the problem and fixed it with rm .local/share/applications/opera-browser.desktop The file had at date stamp of July 18th. May have been from a beta test. Validating the update. Could someone from the sysadmin push the srpm opera-11.60-1.mga1.nonfree.src.rpm from Nonfree Updates Testing to Nonfree Updates Advisory: Opera 11.60 fixes several security issues found in Opera 11.52 and earlier and provides other fixes and new features. Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains. http://www.opera.com/support/kb/view/1003/ Improved handling of certificate revocation corner cases. Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo. http://www.opera.com/support/kb/view/1004/ Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom. http://www.opera.com/support/kb/view/1005/ Additionally, a moderately severe undisclosed issue was fixed. References: http://www.opera.com/docs/changelogs/unix/1160/ https://bugs.mageia.org/show_bug.cgi?id=3643
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed.
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED