Several security and usage problems and have been found in recent Opera versions: * DOM events manipulation might be used to execute arbitrary code * Use of SVG clipPaths could allow execution of arbitrary code * TLS response timings could indicate network contents * CORS requests could omit the preflight request * Re-occuring crash allowing users to update two or more extensions at one time The opera package has been updated to latest 12.14 to fix above problems. See here: http://www.opera.com/docs/changelogs/unified/1213/ http://www.opera.com/docs/changelogs/unified/1214/
*** Bug 8993 has been marked as a duplicate of this bug. ***
CC: (none) => davidwhodgins
Could someone from the sysadmin team push the srpm opera-12.14-1.mga2.nonfree.src.rpm from Mageia 2 Nonfree Updates Testing to Nonfree Updates. Better advisory: =================== Opera 12.14 contains fixes to several security and stability issues found in 12.12 and earlier versions and contains other general fixes. Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis. (kb 1042, high severity) Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program. (kb 1043, high severity) Fixed an issue where TLS response timings could indicate network contents, as reported by Nadhem AlFardan and Kenny Paterson. (kb 1044, low severity) Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest. (kb 1045, low severity) For a complete list of changes including the non-security fixes, see the referenced changelog pages. http://www.opera.com/support/kb/view/1042/ http://www.opera.com/support/kb/view/1043/ http://www.opera.com/support/kb/view/1044/ http://www.opera.com/support/kb/view/1045/ http://www.opera.com/docs/changelogs/unified/1213/ http://www.opera.com/docs/changelogs/unified/1214/ ====================
Keywords: (none) => validated_updateCC: (none) => anssi.hannula, sysadmin-bugsWhiteboard: (none) => mga2-64-ok mga2-32-ok
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0043
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED