openSUSE Security Update: Recommended to 12.10
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0129-1
Rating:             important
References:         #788321 
Affected Products:
                    openSUSE 11.4/standard/i586/patchinfo.7
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   Fixed security issues:
   -an issue that could cause Opera not to correctly check for
   certificate revocation;
   -an issue where CORS requests could incorrectly retrieve
   contents of cross origin pages;
   -an issue where data URIs could be used to facilitate
   Cross-Site Scripting;
   -a high severity issue, as reported by Gareth Heyes;
   details will be disclosed at a later date
   -an issue where specially crafted SVG images could allow
   execution of arbitrary code;
   -a moderate severity issue, as reported by the Google
   Security Group; details will be disclosed at a later date

   Full changelog available at:
   http://www.opera.com/docs/changelogs/unix/1210


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4/standard/i586/patchinfo.7:

      zypper in -t patch 2012-3

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4/standard/i586/patchinfo.7 (i586 x86_64):

      opera-12.10-36.1
      opera-gtk-12.10-36.1
      opera-kde4-12.10-36.1


References:

   https://bugzilla.novell.com/788321

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org