Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0635-1 Final 1 1 2020-05-09T10:17:29Z current 2020-05-09T10:17:29Z 2020-05-09T10:17:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Opera was updated to version 68.0.3618.63 - CHR-7889 Update chromium on desktop-stable-81-3618 to 81.0.4044.122 - CHR-7896 Update chromium on desktop-stable-81-3618 to 81.0.4044.129 - DNA-85287 Set standard spacing for Yandex prompt - DNA-85416 [Mac] Animation of tab insert is glitchy on slow machines - DNA-85568 Verify API for triggering “unread” mode with Instagram. - DNA-86027 Present Now not working in google meet after canceling it once - DNA-86028 Add a back and forward button in the Instagram panel - DNA-86029 Investigate and implement re-freshing of the instagram panel content - Update chromium to 81.0.4044.122 fixes CVE-2020-6458, CVE-2020-6459, CVE-2020-6460 - Update chromium to 81.0.4044.129 fixes CVE-2020-6461, CVE-2020-6462 Update to version 68.0.3618.56 - DNA-85256 [Win] Cookies section on site pages is white in dark mode - DNA-85474 [Mac] Dragging tabs to the left with hidden sidebar is broken - DNA-85771 DNS-over-HTTPS example in settings is wrong - DNA-85976 Change page display time when navigating from opera:startpage - CHR-7878 Update chromium on desktop-stable-81-3618 to 81.0.4044.113 (CVE-2020-6457) - DNA-78158 PATCH-1272 should be removed - DNA-84721 Weather widget is overlapped when ‘Use bigger tiles’ - DNA-85246 Implement 0-state dialog and onboarding - DNA-85354 O-menu is misplaced when opened with maximized opera - DNA-85405 Add link to Privacy Policy on the 0-state dialog - DNA-85409 Ask for geolocation EULA once - DNA-85426 Crash at opera::DownloadActionButton::Update() - DNA-85454 Add id’s to elements for testing - DNA-85493 Add “Show Weather” toggle to “Start Page” section in Easy Setup - DNA-85501 Set timestamps in geolocation exception record - DNA-85514 Add fallback when geolocation fails - DNA-85713 Report consent for geolocation on start page - DNA-85753 Fetch news configuration from new endpoint - DNA-85798 Incorrect padding in Search in Tabs window - DNA-85801 Disable notification on instagram panel - DNA-85809 Update instagram icon in the Sidebar Setup - DNA-85854 Change Instagram panel size, to fit desktop version - Complete Opera 68.0 changelog at: https://blogs.opera.com/desktop/changelog-for-68/ Update to version 67.0.3575.137 - CHR-7852 Update chromium on desktop-stable-80-3575 to 80.0.3987.163 - DNA-82540 Crash at remote_cocoa::NativeWidgetNSWindowBridge:: SetVisibilityState(remote_cocoa::mojom::WindowVisibilityState) - DNA-84951 New PiP is completely black for some 2 GPU setups - DNA-85284 Chrome “Open link in same tab, pop-up as tab [Free]” extension is no longer working in Opera - DNA-85415 [Mac] Inspect Popup not working - DNA-85530 Create API for displaying and triggering “unread” mode for messengers from in-app - DNA-85537 Let addons.opera.com interact with sidebar messengers Update to version 67.0.3575.115 - CHR-7833 Update chromium on desktop-stable-80-3575 to 80.0.3987.149 - DNA-74423 [Mac] Search/Copy popup stuck on top left of screen - DNA-82975 Crash at blink::DocumentLifecycle::EnsureStateAtMost (blink::DocumentLifecycle::LifecycleState) - DNA-83834 Crash at base::MessagePumpNSApplication:: DoRun (base::MessagePump::Delegate*) - DNA-84632 macOS 10.15.2 fail on creating testlist.json - DNA-84713 Switching through tabs broken when using workspaces The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-635 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ E-Mail link for openSUSE-SU-2020:0635-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-6457/ SUSE CVE CVE-2020-6457 page https://www.suse.com/security/cve/CVE-2020-6458/ SUSE CVE CVE-2020-6458 page https://www.suse.com/security/cve/CVE-2020-6459/ SUSE CVE CVE-2020-6459 page https://www.suse.com/security/cve/CVE-2020-6460/ SUSE CVE CVE-2020-6460 page https://www.suse.com/security/cve/CVE-2020-6461/ SUSE CVE CVE-2020-6461 page https://www.suse.com/security/cve/CVE-2020-6462/ SUSE CVE CVE-2020-6462 page openSUSE Leap 15.1 NonFree opera-68.0.3618.63-lp151.2.15.1 opera-68.0.3618.63-lp151.2.15.1 as a component of openSUSE Leap 15.1 NonFree Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6457 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6457.html CVE-2020-6457 https://bugzilla.suse.com/1169729 SUSE Bug 1169729 Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6458 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6458.html CVE-2020-6458 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6459 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6459.html CVE-2020-6459 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. CVE-2020-6460 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6460.html CVE-2020-6460 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6461 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6461.html CVE-2020-6461 https://bugzilla.suse.com/1170707 SUSE Bug 1170707 Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6462 openSUSE Leap 15.1 NonFree:opera-68.0.3618.63-lp151.2.15.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F6JPGRCMJIBFSTEUKUCXOWZKVCHWU4O7/ https://www.suse.com/security/cve/CVE-2020-6462.html CVE-2020-6462 https://bugzilla.suse.com/1170707 SUSE Bug 1170707