Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1358-1 Final 1 1 2021-10-15T14:06:56Z current 2021-10-15T14:06:56Z 2021-10-15T14:06:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: opera was updated to version 80.0.4170.16 Fixes: - CHR-8590 Update chromium on desktop-stable-94-4170 to 94.0.4606.61 - DNA-95347 Make InstallerStep::Run async - DNA-95420 First suggestion in address field is often not highlighted - DNA-95613 Browser closing itself after closing SD/first tab and last opened tab - DNA-95725 Promote O80 to stable - DNA-95781 Import fixes for CVE-2021-37975, CVE-2021-37976 and CVE-2021-37974 to desktop-stable-94-4170 - Complete Opera 80.0 changelog at: https://blogs.opera.com/desktop/changelog-for-80/ - Drop Provides/Obsoletes for opera-gtk and opera-kde4 opera-gtk and opera-kde4 were last used in openSUSE 13.1 Opera was updated to version 79.0.4143.72 Fixes: - DNA-94933 Add emoji panel to address bar - DNA-95210 Add emoji YAT address bar suggestions - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search© dialog - DNA-95364 Add browser feature flag - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95445 Crash when removing unsynced pinboard bookmark with sync enabled - DNA-95512 Allow to show title and timer for simple banners - DNA-95516 Wrong label in settings for themes - DNA-95679 Temporarily disable AB test for a new autoupdater logic The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1358 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAX3Q57Z6FBAZI5TMEFWFYPK5JXVPRKE/ E-Mail link for openSUSE-SU-2021:1358-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-37974/ SUSE CVE CVE-2021-37974 page https://www.suse.com/security/cve/CVE-2021-37975/ SUSE CVE CVE-2021-37975 page https://www.suse.com/security/cve/CVE-2021-37976/ SUSE CVE CVE-2021-37976 page openSUSE Leap 15.2 NonFree openSUSE Leap 15.3 NonFree opera-80.0.4170.16-lp153.2.24.1 opera-80.0.4170.16-lp153.2.24.1 as a component of openSUSE Leap 15.2 NonFree opera-80.0.4170.16-lp153.2.24.1 as a component of openSUSE Leap 15.3 NonFree Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37974 openSUSE Leap 15.2 NonFree:opera-80.0.4170.16-lp153.2.24.1 openSUSE Leap 15.3 NonFree:opera-80.0.4170.16-lp153.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAX3Q57Z6FBAZI5TMEFWFYPK5JXVPRKE/ https://www.suse.com/security/cve/CVE-2021-37974.html CVE-2021-37974 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37975 openSUSE Leap 15.2 NonFree:opera-80.0.4170.16-lp153.2.24.1 openSUSE Leap 15.3 NonFree:opera-80.0.4170.16-lp153.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAX3Q57Z6FBAZI5TMEFWFYPK5JXVPRKE/ https://www.suse.com/security/cve/CVE-2021-37975.html CVE-2021-37975 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-37976 openSUSE Leap 15.2 NonFree:opera-80.0.4170.16-lp153.2.24.1 openSUSE Leap 15.3 NonFree:opera-80.0.4170.16-lp153.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JAX3Q57Z6FBAZI5TMEFWFYPK5JXVPRKE/ https://www.suse.com/security/cve/CVE-2021-37976.html CVE-2021-37976 https://bugzilla.suse.com/1191204 SUSE Bug 1191204