MGASA-2012-0326
| Date: | November 7th, 2012 |
| Affected releases: | 1, 2 |
Description:
Opera 12.10 fixes several security and stability issues found in
previous versions and contains new and improved features.
Fixed an issue that could cause Opera not to correctly check for
certificate revocation. (kb 1029)
Fixed an issue where CORS requests could incorrectly retrieve contents
of cross origin pages. (kb 1030)
Fixed an issue where data URIs could be used to facilitate Cross-Site
Scripting. (kb 1031)
Fixed a high severity issue, as reported by Gareth Heyes; details will
be disclosed at a later date.
Fixed an issue where specially crafted SVG images could allow execution
of arbitrary code, as reported by Attila Suszter. (kb 1033)
Fixed a moderate severity issue, as reported by the Google Security
Group; details will be disclosed at a later date.
Additionally, the opera package now suggests gstreamer0.10-plugins-good
so that HTML5 audio in WAV format will work in the case the package was
not already installed.
For a complete list of changes including the non-security fixes, see
the refereced changelog.
Updated Packages:
Mageia 1:
opera-12.10-1.mga1
Mageia 2:
opera-12.10-1.1.mga2
References:
http://www.opera.com/support/kb/view/1029/
http://www.opera.com/support/kb/view/1030/
http://www.opera.com/support/kb/view/1031/
http://www.opera.com/support/kb/view/1033/
http://www.opera.com/docs/changelogs/unified/1210/
https://bugs.mageia.org/show_bug.cgi?id=8007
