MGASA-2013-0043
Date: | February 8th, 2013 |
Affected releases: | 2 |
Media: | Nonfree |
Description:
Opera 12.14 contains fixes to several security and stability issues found
in 12.12 and earlier versions and contains other general fixes.
Fixed an issue where DOM events manipulation might be used to execute
arbitrary code, as reported by Arthur Gerkis. (kb 1042, high severity)
Fixed an issue where use of SVG clipPaths could allow execution of
arbitrary code, as reported by anonymous via the iSIGHT Partners GVP
Program. (kb 1043, high severity)
Fixed an issue where TLS response timings could indicate network contents,
as reported by Nadhem AlFardan and Kenny Paterson. (kb 1044, low severity)
Fixed an issue where CORS requests could omit the preflight request, as
reported by webpentest. (kb 1045, low severity)
For a complete list of changes including the non-security fixes, see the
referenced changelog pages.
Updated Packages:
i586:
opera-12.14-1.mga2.nonfree.i586.rpm
x86_64:
opera-12.14-1.mga2.nonfree.x86_64.rpm
SRPMS:
opera-12.14-1.mga2.nonfree.src.rpm
References:
http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
http://www.opera.com/support/kb/view/1044/
http://www.opera.com/support/kb/view/1045/
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/docs/changelogs/unified/1214/
https://bugs.mageia.org/show_bug.cgi?id=8996