openSUSE Security Update : opera (openSUSE-SU-2012:0992-1)

high Nessus Plugin ID 74714

Synopsis

The remote openSUSE host is missing a security update.

Description

Opera was updated to version 12.1, fixing various bugs and security issues.

http://www.opera.com/docs/changelogs/unix/1201/

Fixes and Stability Enhancements since Opera 12.00 General and User Interface

Several general fixes and stability improvements

Website thumbnail memory usage improvements

Address bar inline auto-completion no longer prefers shortest domain

Corrected an error that could occur after removing the plugin wrapper

Resolved an issue where favicons were squeezed too much when many tabs were open

Display and Scripting

Resolved an error with XHR transfers where content-type was incorrectly determined

Improved handling of object literals with numeric duplicate properties

Changed behavior of nested/chained comma expressions: now expressing and compiling them as a list rather than a tree

Aligned behavior of the #caller property on function code objects in ECMAScript 5 strict mode with the specification

Fixed an issue where input type=month would return an incorrect value in its valueAsDate property

Resolved an issue with JSON.stringify() that could occur on cached number conversion

Fixed a problem with redefining special properties using Object.defineProperty()

Network and Site-Specific

Fixed an issue where loading would stop at 'Document 100%' but the page would still be loading

tuenti.com: Corrected behavior when long content was displayed

https://twitter.com Fixed an issue with secure transaction errors

Fixed an issue with Google Maps Labs that occured when compiling top-level loops inside strict evals

Corrected a problem that could occur with DISQUS

Fixed a crash occurring on Lenovo's 'Shop now' page

Corrected issues when calling window.console.log via a variable at watch4you

Resolved an issue with Yahoo! chat

Mail, News, Chat

Resolved an issue where under certain conditions the mail panel would continuously scroll up

Fixed a crash occurring when loading mail databases on startup

Security

Re-fixed an issue where certain URL constructs could allow arbitrary code execution, as reported by Andrey Stroganov; see our advisory

Fixed an issue where certain characters in HTML could incorrectly be ignored, which could facilitate XSS attacks;
see our advisory

Fixed another issue where small windows could be used to trick users into executing downloads as reported by Jordi Chancel; see our advisory

Fixed an issue where an element's HTML content could be incorrectly returned without escaping, bypassing some HTML sanitizers; see our advisory

Fixed a low severity issue, details will be disclosed at a later date

Advisory links from above: http://www.opera.com/support/kb/view/1016/ http://www.opera.com/support/kb/view/1026/ http://www.opera.com/support/kb/view/1027/ http://www.opera.com/support/kb/view/1025/

Solution

Update the affected opera packages.

See Also

https://help.opera.com/en/latest/

http://www.nessus.org/u?ebf356d6

http://www.nessus.org/u?a8ababd3

http://www.nessus.org/u?207fc210

http://www.nessus.org/u?ffb92c6b

https://bugzilla.novell.com/show_bug.cgi?id=774191

https://lists.opensuse.org/opensuse-updates/2012-08/msg00024.html

https://twitter.com

Plugin Details

Severity: High

ID: 74714

File Name: openSUSE-2012-515.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, p-cpe:/a:novell:opensuse:opera-gtk, p-cpe:/a:novell:opensuse:opera-kde4, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 8/5/2012

Vulnerability Publication Date: 8/5/2012