Bug 8996 - [Update Request] Update opera to 12.14 to fix several security problems
: [Update Request] Update opera to 12.14 to fix several security problems
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
:
:
: mga2-64-ok mga2-32-ok
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-02-08 09:22 CET by Funda Wang
Modified: 2013-02-08 16:04 CET (History)
4 users (show)

See Also:
Source RPM: opera-12.14-1.mga2
CVE:
Status comment:


Attachments

Description Funda Wang 2013-02-08 09:22:43 CET
Several security and usage problems and have been found in recent Opera versions:

* DOM events manipulation might be used to execute arbitrary code
* Use of SVG clipPaths could allow execution of arbitrary code
* TLS response timings could indicate network contents
* CORS requests could omit the preflight request
* Re-occuring crash allowing users to update two or more extensions at one time

The opera package has been updated to latest 12.14 to fix above problems.

See here:
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/docs/changelogs/unified/1214/
Comment 1 claire robinson 2013-02-08 10:14:37 CET
*** Bug 8993 has been marked as a duplicate of this bug. ***
Comment 2 claire robinson 2013-02-08 10:19:10 CET
Could someone from the sysadmin team push the srpm
opera-12.14-1.mga2.nonfree.src.rpm
from Mageia 2 Nonfree Updates Testing to Nonfree Updates.

Better advisory:

===================
Opera 12.14 contains fixes to several security and stability issues found in
12.12 and earlier versions and contains other general fixes.

Fixed an issue where DOM events manipulation might be used to execute arbitrary
code, as reported by Arthur Gerkis. (kb 1042, high severity)

Fixed an issue where use of SVG clipPaths could allow execution of arbitrary
code, as reported by anonymous via the iSIGHT Partners GVP Program. (kb 1043,
high severity)

Fixed an issue where TLS response timings could indicate network contents, as
reported by Nadhem AlFardan and Kenny Paterson. (kb 1044, low severity)

Fixed an issue where CORS requests could omit the preflight request, as
reported by webpentest. (kb 1045, low severity)

For a complete list of changes including the non-security fixes, see the
referenced changelog pages.

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
http://www.opera.com/support/kb/view/1044/
http://www.opera.com/support/kb/view/1045/
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/docs/changelogs/unified/1214/
====================
Comment 3 Thomas Backlund 2013-02-08 16:04:18 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0043

Note You need to log in before you can comment on or make changes to this bug.