openSUSE Security Update : Opera (openSUSE-SU-2013:0289-2)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Opera was updated to 12.14 version fixing stability issues. This
update also consists updates for Opera 12.13 which is a recommended
upgrade offering security and stability enhancements.

-fixed an issue where Opera gets internal communication errors on
Facebook

-fixed an issue where no webpages load on startup, if Opera
is disconnected from the Internet

-fixed an issue where images will not load after back
navigation, when a site uses the HTML5 history API
(deviantart.com)

-improved protection against hijacking of the default
search, including a one-time reset

-fixed an issue where DOM events manipulation might be used
to execute arbitrary code;

-fixed an issue where use of SVG clipPaths could allow
execution of arbitrary code;

-CVE-2013-1618: Fixed a TLS information leak.

-fixed an issue where CORS requests could omit the preflight
request;

See also :

http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00093.html
https://bugzilla.novell.com/show_bug.cgi?id=801233

Solution :

Update the affected Opera packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 74888 ()

Bugtraq ID:

CVE ID: CVE-2013-1618

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now