openSUSE Security Update : opera (openSUSE-SU-2010:0368-1)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Opera was upgraded to the 10.60 release.

It brings lots of new features, bugfixes and security fixes.

Security fixes include: CVE-2010-0653: Opera permits cross-origin
loading of CSS style sheets even when the style sheet download has an
incorrect MIME type and the style sheet document is malformed, which
allows remote HTTP servers to obtain sensitive information via a
crafted document.

CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element
with a mailto: URL in its SRC attribute, which allows remote attackers
to cause a denial of service (resource consumption) via an HTML
document with many IFRAME elements.

See also :

http://lists.opensuse.org/opensuse-updates/2010-07/msg00008.html
https://bugzilla.novell.com/show_bug.cgi?id=583620
https://bugzilla.novell.com/show_bug.cgi?id=607823
https://bugzilla.novell.com/show_bug.cgi?id=615942

Solution :

Update the affected opera package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 47725 ()

Bugtraq ID:

CVE ID: CVE-2010-0653
CVE-2010-1993

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now