MGASA-2012-0197
Date: | August 3rd, 2012 |
Affected releases: | 1, 2 |
Description:
Opera 12.01 fixes several security and stability issues found
in previous versions.
Re-fixed an issue where certain URL constructs could allow arbitrary
code execution, as reported by Andrey Stroganov (Critical severity).
http://www.opera.com/support/kb/view/1016/
Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks (High severity).
http://www.opera.com/support/kb/view/1026/
Fixed another issue where small windows could be used to trick users
into executing downloads as reported by Jordi Chancel (High severity).
http://www.opera.com/support/kb/view/1027/
Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers
(High severity).
http://www.opera.com/support/kb/view/1025/
An undisclosed low severity issue has also been fixed.
For a complete list of changes including the non-security fixes,
see http://www.opera.com/docs/changelogs/unix/120/
Updated Packages:
Mageia 1:
opera-12.01-1.mga1.nonfree
Mageia 2:
opera-12.01-1.mga2.nonfree
References:
https://bugs.mageia.org/show_bug.cgi?id=6934