4280 – Security update for opera to version 11.61

Bug 4280 - Security update for opera to version 11.61

Summary: Security update for opera to version 11.61

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	1
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:
Keywords:	Security, validated_update

Depends on:
Blocks:

Reported:	2012-01-25 15:21 CET by Anssi Hannula
Modified:	2012-01-27 23:14 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	opera
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Anssi Hannula 2012-01-25 15:21:24 CET

opera-11.61-1.mga1 pushed to nonfree/updates_testing by funda.

Suggested advisory
===================
Opera 11.61 fixes several security issues and other bugs found in previous versions.

Fixed an issue where manipulation of framed content can allow cross-site scripting, as reported by Michal Zalewski.
http://www.opera.com/support/kb/view/1007/

Fixed an issue where script events could be used to reveal the presence of local files.
http://www.opera.com/support/kb/view/1008/

For a list of other fixes, see:
http://www.opera.com/docs/changelogs/unix/1161/
====================

Please test.

Comment 1 claire robinson 2012-01-25 17:44:15 CET

Thankyou Anssi :)

Testing x86_64

Java, email, flash video all ok

I notice in terminal though when watching a video on youtube..

(<unknown>:22247): GStreamer-CRITICAL **: gst_debug_add_log_function: assertion `func != NULL' failed

(operapluginwrapper-native:22432): GLib-GObject-CRITICAL **: g_object_unref: assertion `G_IS_OBJECT (object)' failed

Is this anything to worry about?

Also when hovering the mouse over the video it shows a 'click to activate and use this control' message, which might just be a setting somewhere.

Comment 2 Anssi Hannula 2012-01-25 17:53:34 CET

I don't think so (unless you see visible regressions), the first one seems like some API issue between opera<->gstreamer, but the error seems to be on a probably harmless function. The second one looks like some Flash player bug.

The "click to activate and use this control" probably means that you can click the applet to put it in focus, i.e. keyboard events get pushed to the flash applet instead of the browser.

Comment 3 claire robinson 2012-01-25 18:15:39 CET

No, everything I tried seemed to work as intended.

Testing complete x86_64 in that case

Manuel Hiebel 2012-01-25 23:25:53 CET

Component: RPM Packages => Security
Source RPM: (none) => opera

Comment 4 Dave Hodgins 2012-01-26 01:47:38 CET

Testing complete on i586. Validating the update.

Could someone from the sysadmin team push the srpm
opera-11.61-1.mga1.nonfree.src.rpm
from Nonfree Updates Testing to Nonfree Updates.

Advisory: Opera 11.61 fixes several security issues and other
bugs found in previous versions.

Fixed an issue where manipulation of framed content can allow
cross-site scripting, as reported by Michal Zalewski.
http://www.opera.com/support/kb/view/1007/

Fixed an issue where script events could be used to reveal the
presence of local files.
http://www.opera.com/support/kb/view/1008/

For a list of other fixes, see:
http://www.opera.com/docs/changelogs/unix/1161/

https://bugs.mageia.org/show_bug.cgi?id=4280

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Thomas Backlund 2012-01-27 23:14:14 CET

update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.