Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0138-1 Final 1 1 2021-01-22T11:23:09Z current 2021-01-22T11:23:09Z 2021-01-22T11:23:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to version 73.0.3856.344 - CHR-8265 Update chromium on desktop-stable-87-3856 to 87.0.4280.141 - DNA-90625 [Mac] Crash at opera::TabView:: GetPaintData(opera::TabState) const - DNA-90735 Crash at opera::BrowserSidebarModel::GetItemVisible (opera::BrowserSidebarItem const*) const - DNA-90780 Crash at extensions::CommandService::GetExtension ActionCommand(std::__1::basic_string const&, extensions:: ActionInfo::Type, extensions::CommandService::QueryType, extensions::Command*, bool*) - DNA-90821 Crash at opera::BrowserSidebarController:: Action(opera::BrowserSidebarItem const*, opera::BrowserSidebarItemContentView*) - The update to chromium 87.0.4280.141 fixes following issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2020-16043, CVE-2021-21114, CVE-2020-15995, CVE-2021-21115, CVE-2021-21116 - Update to version 73.0.3856.329 - DNA-89156 Crash at content::RenderViewHostImpl::OnFocus() - DNA-89731 [Mac] Bookmarks bar overlaps Babe section when hovering the OMenu - DNA-90189 Music service portal logotypes are blurred on Win - DNA-90336 add session data schema - DNA-90399 Address bar dropdown suggestions overlap each other - DNA-90520 Crash at absl::raw_logging_internal::RawLog(absl:: LogSeverity, char const*, int, char const*, …) - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - DNA-90600 Don’t report workspace visibility, when functionality is disabled. - DNA-90665 Collect music service statistics WP2 - DNA-90773 Bad translation from english to spanish in UI - DNA-90789 Crash at opera::ThumbnailHelper::RunNextRequest() The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-138 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ E-Mail link for openSUSE-SU-2021:0138-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-15995/ SUSE CVE CVE-2020-15995 page https://www.suse.com/security/cve/CVE-2020-16043/ SUSE CVE CVE-2020-16043 page https://www.suse.com/security/cve/CVE-2021-21106/ SUSE CVE CVE-2021-21106 page https://www.suse.com/security/cve/CVE-2021-21107/ SUSE CVE CVE-2021-21107 page https://www.suse.com/security/cve/CVE-2021-21108/ SUSE CVE CVE-2021-21108 page https://www.suse.com/security/cve/CVE-2021-21109/ SUSE CVE CVE-2021-21109 page https://www.suse.com/security/cve/CVE-2021-21110/ SUSE CVE CVE-2021-21110 page https://www.suse.com/security/cve/CVE-2021-21111/ SUSE CVE CVE-2021-21111 page https://www.suse.com/security/cve/CVE-2021-21112/ SUSE CVE CVE-2021-21112 page https://www.suse.com/security/cve/CVE-2021-21113/ SUSE CVE CVE-2021-21113 page https://www.suse.com/security/cve/CVE-2021-21114/ SUSE CVE CVE-2021-21114 page https://www.suse.com/security/cve/CVE-2021-21115/ SUSE CVE CVE-2021-21115 page https://www.suse.com/security/cve/CVE-2021-21116/ SUSE CVE CVE-2021-21116 page openSUSE Leap 15.1 NonFree opera-73.0.3856.344-lp151.2.42.1 opera-73.0.3856.344-lp151.2.42.1 as a component of openSUSE Leap 15.1 NonFree Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15995 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2020-15995.html CVE-2020-15995 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. CVE-2020-16043 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2020-16043.html CVE-2020-16043 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21106 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21106.html CVE-2021-21106 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21107 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21107.html CVE-2021-21107 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21108 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21108.html CVE-2021-21108 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21109 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21109.html CVE-2021-21109 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21110 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21110.html CVE-2021-21110 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21111 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21111.html CVE-2021-21111 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21112 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21112.html CVE-2021-21112 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21113 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21113.html CVE-2021-21113 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21114 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21114.html CVE-2021-21114 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21115 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21115.html CVE-2021-21115 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21116 openSUSE Leap 15.1 NonFree:opera-73.0.3856.344-lp151.2.42.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOW5ITBZI4UX7TPPGA7TM2EFI3OZCDH7/ https://www.suse.com/security/cve/CVE-2021-21116.html CVE-2021-21116 https://bugzilla.suse.com/1180645 SUSE Bug 1180645