Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1320-1 Final 1 1 2020-09-02T04:22:33Z current 2020-09-02T04:22:33Z 2020-09-02T04:22:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetach(views::View const*) - DNA-87831 [Linux] Sidebar panel cannot be pinned - DNA-88057 [Win] Black rectangle flickers at the bottom of the page on startup - DNA-88157 Sidebar Messenger too low in FullScreen mode - DNA-88238 [macOS 10.15] Toolbar buttons not visible on inactive tab - The update to chromium 84.0.4147.125 fixes following issues: - CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555 - Update to version 70.0.3728.119 - DNA-88215 Introduce easy-setup-hint-ref feature flag - Update to version 70.0.3728.106 - DNA-88014 [Mac] Toolbar in fullscreen disabled after using fullscreen from videoplayer - Update to version 70.0.3728.95 - CHR-8026 Update chromium on desktop-stable-84-3728 to 84.0.4147.105 - DNA-86340 Wrong link to the help page - DNA-87394 [Big Sur] Some popovers have incorrectly themed arrow - DNA-87647 [Win] The [+] button flickers after creating a new tab - DNA-87794 Crash at aura::Window::SetVisible(bool) - DNA-87796 Search in tabs should closed on second click - DNA-87863 Parameter placing issue in all languages - The update to chromium 84.0.4147.105 fixes following issues: - CVE-2020-6537, CVE-2020-6538, CVE-2020-6532, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1320 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ E-Mail link for openSUSE-SU-2020:1320-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-6532/ SUSE CVE CVE-2020-6532 page https://www.suse.com/security/cve/CVE-2020-6537/ SUSE CVE CVE-2020-6537 page https://www.suse.com/security/cve/CVE-2020-6538/ SUSE CVE CVE-2020-6538 page https://www.suse.com/security/cve/CVE-2020-6539/ SUSE CVE CVE-2020-6539 page https://www.suse.com/security/cve/CVE-2020-6540/ SUSE CVE CVE-2020-6540 page https://www.suse.com/security/cve/CVE-2020-6541/ SUSE CVE CVE-2020-6541 page https://www.suse.com/security/cve/CVE-2020-6542/ SUSE CVE CVE-2020-6542 page https://www.suse.com/security/cve/CVE-2020-6543/ SUSE CVE CVE-2020-6543 page https://www.suse.com/security/cve/CVE-2020-6544/ SUSE CVE CVE-2020-6544 page https://www.suse.com/security/cve/CVE-2020-6545/ SUSE CVE CVE-2020-6545 page https://www.suse.com/security/cve/CVE-2020-6546/ SUSE CVE CVE-2020-6546 page https://www.suse.com/security/cve/CVE-2020-6547/ SUSE CVE CVE-2020-6547 page https://www.suse.com/security/cve/CVE-2020-6548/ SUSE CVE CVE-2020-6548 page https://www.suse.com/security/cve/CVE-2020-6549/ SUSE CVE CVE-2020-6549 page https://www.suse.com/security/cve/CVE-2020-6550/ SUSE CVE CVE-2020-6550 page https://www.suse.com/security/cve/CVE-2020-6551/ SUSE CVE CVE-2020-6551 page https://www.suse.com/security/cve/CVE-2020-6552/ SUSE CVE CVE-2020-6552 page https://www.suse.com/security/cve/CVE-2020-6553/ SUSE CVE CVE-2020-6553 page https://www.suse.com/security/cve/CVE-2020-6554/ SUSE CVE CVE-2020-6554 page https://www.suse.com/security/cve/CVE-2020-6555/ SUSE CVE CVE-2020-6555 page openSUSE Leap 15.1 NonFree opera-70.0.3728.133-lp151.2.27.1 opera-70.0.3728.133-lp151.2.27.1 as a component of openSUSE Leap 15.1 NonFree Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6532 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6532.html CVE-2020-6532 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2020-6537 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6537.html CVE-2020-6537 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6538 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6538.html CVE-2020-6538 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6539 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6539.html CVE-2020-6539 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6540 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6540.html CVE-2020-6540 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6541 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6541.html CVE-2020-6541 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6542 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6542.html CVE-2020-6542 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6543 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6543.html CVE-2020-6543 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6544 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6544.html CVE-2020-6544 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6545 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6545.html CVE-2020-6545 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-6546 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6546.html CVE-2020-6546 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. CVE-2020-6547 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6547.html CVE-2020-6547 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6548 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6548.html CVE-2020-6548 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6549 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6549.html CVE-2020-6549 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6550 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6550.html CVE-2020-6550 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6551 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6551.html CVE-2020-6551 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6552 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6552.html CVE-2020-6552 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6553 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6553.html CVE-2020-6553 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6554 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6554.html CVE-2020-6554 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6555 openSUSE Leap 15.1 NonFree:opera-70.0.3728.133-lp151.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3G3DUIPHBXXC5JRT3KIGDCTYVAA3EMOD/ https://www.suse.com/security/cve/CVE-2020-6555.html CVE-2020-6555 https://bugzilla.suse.com/1175085 SUSE Bug 1175085