Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2360-1 Final 1 1 2020-12-29T16:12:29Z current 2020-12-29T16:12:29Z 2020-12-29T16:12:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to version 73.0.3856.284 - CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88 - DNA-88454 Background of snap area above visible scrolled viewport is not captured - DNA-89749 Implement client_capabilities support for Flow / Sync - DNA-89810 Opera no longer autoselects full url/address bar when clicked - DNA-89923 [Snap] Emojis look grayed out - DNA-90060 Make gesture events work with search-in-tabs feature - DNA-90168 Display SD suggestions titles - DNA-90176 Player doesn’t show music service to choose on Welcome page - DNA-90343 [Mac] Cmd+C doesn’t copy snapshot - DNA-90538 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042 - Update to version 73.0.3856.257 - DNA-89918 #enable-force-dark flag doesn’t work anymore - DNA-90061 Clicking on video’s progress bar breaks autopausing - DNA-90079 [BigSur] Blank pages - DNA-90154 Crash at extensions::CommandService:: GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*) - Complete Opera 73.0 changelog at: https://blogs.opera.com/desktop/changelog-for-73/ The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2360 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ E-Mail link for openSUSE-SU-2020:2360-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-16037/ SUSE CVE CVE-2020-16037 page https://www.suse.com/security/cve/CVE-2020-16038/ SUSE CVE CVE-2020-16038 page https://www.suse.com/security/cve/CVE-2020-16039/ SUSE CVE CVE-2020-16039 page https://www.suse.com/security/cve/CVE-2020-16040/ SUSE CVE CVE-2020-16040 page https://www.suse.com/security/cve/CVE-2020-16041/ SUSE CVE CVE-2020-16041 page https://www.suse.com/security/cve/CVE-2020-16042/ SUSE CVE CVE-2020-16042 page openSUSE Leap 15.2 NonFree opera-73.0.3856.284-lp152.2.27.1 opera-73.0.3856.284-lp152.2.27.1 as a component of openSUSE Leap 15.2 NonFree Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16037 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16037.html CVE-2020-16037 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16038 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16038.html CVE-2020-16038 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16039 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16039.html CVE-2020-16039 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16040 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16040.html CVE-2020-16040 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16041 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16041.html CVE-2020-16041 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16042 openSUSE Leap 15.2 NonFree:opera-73.0.3856.284-lp152.2.27.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DD5O6DYQGK2VKG37ZUD4DXDFLTSCZFGY/ https://www.suse.com/security/cve/CVE-2020-16042.html CVE-2020-16042 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 https://bugzilla.suse.com/1180039 SUSE Bug 1180039