openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)
High Nessus Plugin ID 48430
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of opera fixes the following vulnerabilities :
- CVE-2010-2576: CVSS v2 Base Score: 6.8 (CWE-94):
unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia
- CVE-2010-3019: CVSS v2 Base Score: 9.3 (CWE-119): heap buffer overflow in HTML5 canvas could be used to execute arbitrary code, as reported by Kuzzcc
- CVE-2010-3020: CVSS v2 Base Score: 5.0 (CWE-264): news feed preview could subscribe to feeds without interaction, as reported by Alexios Fakos
- CVE-2010-3021: CVSS v2 Base Score: 4.3 (CWE-399): remote attackers could trigger a remote denial of service (CPU consumption and application hang) via an animated PNG image
SolutionUpdate the affected opera package.