Mageia alert MGASA-2012-0197 (opera) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0197: opera-12.01-1.mga (1,
 2/nonfree) 
Date:
    	       Fri, 3 Aug 2012 23:04:48 +0200
Message-ID:
    	       <20120803210448.GA24967@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0197
Date: 	August 3rd, 2012
Affected releases: 	1, 2


Description:
Opera 12.01 fixes several security and stability issues found
in previous versions.

Re-fixed an issue where certain URL constructs could allow arbitrary
code execution, as reported by Andrey Stroganov (Critical severity).
http://www.opera.com/support/kb/view/1016/

Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks (High severity).
http://www.opera.com/support/kb/view/1026/

Fixed another issue where small windows could be used to trick users
into executing downloads as reported by Jordi Chancel (High severity).
http://www.opera.com/support/kb/view/1027/

Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers
(High severity).
http://www.opera.com/support/kb/view/1025/

An undisclosed low severity issue has also been fixed.

For a complete list of changes including the non-security fixes,
see http://www.opera.com/docs/changelogs/unix/120/


Updated Packages:
Mageia 1:
opera-12.01-1.mga1.nonfree

Mageia 2:
opera-12.01-1.mga2.nonfree


References:
https://bugs.mageia.org/show_bug.cgi?id=6934
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)