Missing security update for Opera Stable 24

Deleted User

Deleted User last edited by

Current Chromium was updated to version 38 at 07-10-2014. :sherlock:
But Opera 24 from 09-2014 is still Chromium 37 (Chrome/37.0.2062.122).
Two days expired without any security fixes for Opera Stable?

Chrome/37.0.2062.122 has some critical and important bugs in V8 Javascript engine which may result into breaking out of sandbox security and code injection/execution on users operating system.

Opera developers should now about the security holes in old chromium, but they leave users stay in insecure browsing?

linuxmint7

linuxmint7 last edited by

sexcurity = security.

Deleted User

Deleted User last edited by

sexcurity = security.

OMG. i di not mean: Cure of sex. Sorry, Opera word correction failed.
I changed it in posting.

Deleted User

Deleted User last edited by

Security fixes for Opera Stable missing for MacOS, too.

leocg

leocg Moderator Volunteer last edited by

Chromium 38 = Opera 25.

Deleted User

Deleted User last edited by

Chromium 38 = Opera 25

@leocog But Opera 25 is not STABLE. It is Beta
And ,,, yes, i'm able to recognized the Opera BETA useragent string which reads Chrome/38.

Do you mean: use Opera BETA to be safe? HHah, Betas may have other instabilities/sec holes.

leocg

leocg Moderator Volunteer last edited by

What i mean is that each version number of Opera is related to a version number of Chromium and will only receive Chromium updates within that version.

Now that Chromium 38 reaches the stable stream, we will probably see Opera Stable 25 being released soon.

christoph142

christoph142 last edited by

@leocg: No need to tell angiesdom how stuff works. She got BTS access
And it's possible to backport (security) fixes into older versions (out of newer Chromium versions).

leocg

leocg Moderator Volunteer last edited by

And it's possible to backport (security) fixes into older versions

Of course. But what would be the meaning of it if a newest one should be releasing soon?

Deleted User

Deleted User last edited by

@leocg

Now that Chromium 38 reaches the stable stream, we will probably see Opera Stable 25 being released soon.

Oh yes, i know. I'm betatesting Opera and reporting Bugs to Opera since years. But im not interested in version numbering.

I wanted to know why Opera has not released a security fix for Opera 24 Stable! Its very uninteresting if they'll do it in a few weeks as a new Opera 26, because using a insecure 25 while waiting for new Stable is a risk. There are some exploits for metasploit attacking older Chromium in the wild.

@christoph142

And it's possible to backport (security) fixes into older versions (out of newer Chromium versions).

Yes, but it would be better for users to know, that the security hole is fixed as a backport in a new build of 24 Stable.

And no Opera changelog of Beta or Dev informs about Security fixes. Operas Devs could write: CVE-2024-12345 fixed.

I don't like such bad information strategy.

OK, i may not use Opera Stable for browsing until the vulnerabilities mentioned in mitres database as CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194 are fixed.

leocg

leocg Moderator Volunteer last edited by

I wanted to know why Opera has not released a security fix for Opera 24 Stable!

Maybe because the fix will come in a upgrade to a new version, like in Chromium?

Don't forget that they need time to incorporate the changes and some do tests before releasing a public build. And since Stable 25 is in its way to be released i think that releasing a update to Stable 24 and update stable to 25 a couple of days later wouldn't make much sense imho.