Lucene search
K

openSUSE Security Update : opera (openSUSE-SU-2012:0992-1)

🗓️ 13 Jun 2014 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 12 Views

openSUSE-SU-2012:0992-1 update for opera version 12.1 with bug and security fixe

Refs
Code
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2012-515.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74714);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2012:0992-1)");
  script_summary(english:"Check for the openSUSE-2012-515 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Opera was updated to version 12.1, fixing various bugs and security
issues.

http://www.opera.com/docs/changelogs/unix/1201/

Fixes and Stability Enhancements since Opera 12.00 General and User
Interface

Several general fixes and stability improvements

Website thumbnail memory usage improvements

Address bar inline auto-completion no longer prefers
shortest domain

Corrected an error that could occur after removing the
plugin wrapper

Resolved an issue where favicons were squeezed too much when
many tabs were open

Display and Scripting

Resolved an error with XHR transfers where content-type was
incorrectly determined

Improved handling of object literals with numeric duplicate
properties

Changed behavior of nested/chained comma expressions: now
expressing and compiling them as a list rather than a tree

Aligned behavior of the #caller property on function code
objects in ECMAScript 5 strict mode with the specification

Fixed an issue where input type=month would return an
incorrect value in its valueAsDate property

Resolved an issue with JSON.stringify() that could occur on
cached number conversion

Fixed a problem with redefining special properties using
Object.defineProperty()

Network and Site-Specific

Fixed an issue where loading would stop at 'Document 100%' but the
page would still be loading

tuenti.com: Corrected behavior when long content was
displayed

https://twitter.com Fixed an issue with secure transaction
errors

Fixed an issue with Google Maps Labs that occured when
compiling top-level loops inside strict evals

Corrected a problem that could occur with DISQUS

Fixed a crash occurring on Lenovo's 'Shop now' page

Corrected issues when calling window.console.log via a
variable at watch4you

Resolved an issue with Yahoo! chat

Mail, News, Chat

Resolved an issue where under certain conditions the mail panel would
continuously scroll up

Fixed a crash occurring when loading mail databases on
startup

Security

Re-fixed an issue where certain URL constructs could allow arbitrary
code execution, as reported by Andrey Stroganov; see our advisory

Fixed an issue where certain characters in HTML could
incorrectly be ignored, which could facilitate XSS attacks;
see our advisory

Fixed another issue where small windows could be used to
trick users into executing downloads as reported by Jordi
Chancel; see our advisory

Fixed an issue where an element's HTML content could be
incorrectly returned without escaping, bypassing some HTML
sanitizers; see our advisory

Fixed a low severity issue, details will be disclosed at a
later date

Advisory links from above: http://www.opera.com/support/kb/view/1016/
http://www.opera.com/support/kb/view/1026/
http://www.opera.com/support/kb/view/1027/
http://www.opera.com/support/kb/view/1025/"
  );
  # http://www.opera.com/docs/changelogs/unix/1201/
  script_set_attribute(
    attribute:"see_also",
    value:"https://help.opera.com/en/latest/"
  );
  # http://www.opera.com/support/kb/view/1016/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ebf356d6"
  );
  # http://www.opera.com/support/kb/view/1025/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a8ababd3"
  );
  # http://www.opera.com/support/kb/view/1026/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?207fc210"
  );
  # http://www.opera.com/support/kb/view/1027/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ffb92c6b"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=774191"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00024.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://twitter.com"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected opera packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-kde4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.1", reference:"opera-12.01-19.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"opera-gtk-12.01-19.1") ) flag++;
if ( rpm_check(release:"SUSE12.1", reference:"opera-kde4-12.01-19.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation