Objavljena je nova inačica preglednika Opera u kojoj su ispravljeni propusti ranijih inačica, a koje su udaljeni napadači mogli iskoristiti za DoS napad i pokretanje proizvoljnog programskog koda.
Uočeno je da programski paket na neodgovarajući način rukuje memorijom prilikom obrade URL adresa te da ponekad stvara neodgovarajući prozor za obavijesti o preuzimanju datoteka.
Posljedica:
Potencijalni napadač opisane nedostatke može iskoristiti kako bi pokrenuo proizvoljni programski kod i izvršio napad uskraćivanjem usluga (DoS).
Rješenje:
Rješenje problema sigurnosti je korištenje nove inačice.
openSUSE Security Update: opera to 12.01
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0992-1
Rating: important
References: #774191
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Opera was updated to version 12.1, fixing various bugs and
security issues.
http://www.opera.com/docs/changelogs/unix/1201/
Fixes and Stability Enhancements since Opera 12.00 General
and User Interface
Several general fixes and stability improvements
Website thumbnail memory usage improvements Address bar
inline auto-completion no longer prefers shortest domain
Corrected an error that could occur after removing the
plugin wrapper Resolved an issue where favicons were
squeezed too much when many tabs were open
Display and Scripting
Resolved an error with XHR transfers where content-type
was incorrectly determined Improved handling of object
literals with numeric duplicate properties Changed behavior
of nested/chained comma expressions: now expressing and
compiling them as a list rather than a tree Aligned
behavior of the #caller property on function code objects
in ECMAScript 5 strict mode with the specification Fixed an
issue where input type=month would return an incorrect
value in its valueAsDate property Resolved an issue with
JSON.stringify() that could occur on cached number
conversion Fixed a problem with redefining special
properties using Object.defineProperty()
Network and Site-Specific
Fixed an issue where loading would stop at "Document
100%" but the page would still be loading tuenti.com:
Corrected behavior when long content was displayed
https://twitter.com: Fixed an issue with secure transaction
errors Fixed an issue with Google Maps Labs that occured
when compiling top-level loops inside strict evals
Corrected a problem that could occur with DISQUS Fixed a
crash occurring on Lenovo's "Shop now" page Corrected
issues when calling window.console.log via a variable at
watch4you Resolved an issue with Yahoo! chat
Mail, News, Chat
Resolved an issue where under certain conditions the
mail panel would continuously scroll up Fixed a crash
occurring when loading mail databases on startup
Security
Re-fixed an issue where certain URL constructs could
allow arbitrary code execution, as reported by Andrey
Stroganov; see our advisory Fixed an issue where certain
characters in HTML could incorrectly be ignored, which
could facilitate XSS attacks; see our advisory Fixed
another issue where small windows could be used to trick
users into executing downloads as reported by Jordi
Chancel; see our advisory Fixed an issue where an element's
HTML content could be incorrectly returned without
escaping, bypassing some HTML sanitizers; see our advisory
Fixed a low severity issue, details will be disclosed at a
later date
Advisory links from above:
http://www.opera.com/support/kb/view/1016/
http://www.opera.com/support/kb/view/1026/
http://www.opera.com/support/kb/view/1027/
http://www.opera.com/support/kb/view/1025/
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-515
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-515
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
opera-12.01-19.1
opera-gtk-12.01-19.1
opera-kde4-12.01-19.1
- openSUSE 11.4 (i586 x86_64):
opera-12.01-25.1
opera-gtk-12.01-25.1
opera-kde4-12.01-25.1
References:
https://bugzilla.novell.com/774191
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke