From Mageia wiki
Jump to: navigation, search

MGASA-2012-0197

Date: August 3rd, 2012
Affected releases: 1, 2


Description:
Opera 12.01 fixes several security and stability issues found
in previous versions.

Re-fixed an issue where certain URL constructs could allow arbitrary
code execution, as reported by Andrey Stroganov (Critical severity).
http://www.opera.com/support/kb/view/1016/

Fixed an issue where certain characters in HTML could incorrectly be
ignored, which could facilitate XSS attacks (High severity).
http://www.opera.com/support/kb/view/1026/

Fixed another issue where small windows could be used to trick users
into executing downloads as reported by Jordi Chancel (High severity).
http://www.opera.com/support/kb/view/1027/

Fixed an issue where an element's HTML content could be incorrectly
returned without escaping, bypassing some HTML sanitizers
(High severity).
http://www.opera.com/support/kb/view/1025/

An undisclosed low severity issue has also been fixed.

For a complete list of changes including the non-security fixes,
see http://www.opera.com/docs/changelogs/unix/120/


Updated Packages:
Mageia 1:
opera-12.01-1.mga1.nonfree

Mageia 2:
opera-12.01-1.mga2.nonfree


References:
https://bugs.mageia.org/show_bug.cgi?id=6934