Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1952-1 Final 1 1 2020-11-17T11:28:00Z current 2020-11-17T11:28:00Z 2020-11-17T11:28:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Opera was updated to version 72.0.3815.320 - CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183 - DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions - DNA-89766 Address bar does not respond to actions - The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011 - Update to version 72.0.3815.200 - DNA-87150 Speed Dial tile can’t be dragged to proper place - DNA-89632 Improve hovering over icons - DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section - DNA-89791 Typo in Spanish - The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003 - Complete Opera 72.0 changelog at: https://blogs.opera.com/desktop/changelog-for-72/ - Update to version 71.0.3770.271 - DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool) - DNA-89177 Device update request should only be called when FCM token has changed - DNA-89186 Handle device expired case in all server calls - DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX - DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden - DNA-89298 Some elements of VPN popup are misaligned to design - DNA-89305 Crash after closing Downloads pop-up The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1952 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ E-Mail link for openSUSE-SU-2020:1952-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page https://www.suse.com/security/cve/CVE-2020-16000/ SUSE CVE CVE-2020-16000 page https://www.suse.com/security/cve/CVE-2020-16001/ SUSE CVE CVE-2020-16001 page https://www.suse.com/security/cve/CVE-2020-16002/ SUSE CVE CVE-2020-16002 page https://www.suse.com/security/cve/CVE-2020-16003/ SUSE CVE CVE-2020-16003 page https://www.suse.com/security/cve/CVE-2020-16004/ SUSE CVE CVE-2020-16004 page https://www.suse.com/security/cve/CVE-2020-16005/ SUSE CVE CVE-2020-16005 page https://www.suse.com/security/cve/CVE-2020-16006/ SUSE CVE CVE-2020-16006 page https://www.suse.com/security/cve/CVE-2020-16007/ SUSE CVE CVE-2020-16007 page https://www.suse.com/security/cve/CVE-2020-16008/ SUSE CVE CVE-2020-16008 page https://www.suse.com/security/cve/CVE-2020-16009/ SUSE CVE CVE-2020-16009 page https://www.suse.com/security/cve/CVE-2020-16011/ SUSE CVE CVE-2020-16011 page openSUSE Leap 15.1 NonFree openSUSE Leap 15.2 NonFree opera-72.0.3815.320-lp152.2.21.1 opera-72.0.3815.320-lp152.2.21.1 as a component of openSUSE Leap 15.1 NonFree opera-72.0.3815.320-lp152.2.21.1 as a component of openSUSE Leap 15.2 NonFree Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16000 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16000.html CVE-2020-16000 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16001 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16001.html CVE-2020-16001 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-16002 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16002.html CVE-2020-16002 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16003 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16003.html CVE-2020-16003 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16004 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16004.html CVE-2020-16004 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16005 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16005.html CVE-2020-16005 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16006 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16006.html CVE-2020-16006 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-16007 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16007.html CVE-2020-16007 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. CVE-2020-16008 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16008.html CVE-2020-16008 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16009 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16009.html CVE-2020-16009 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16011 openSUSE Leap 15.1 NonFree:opera-72.0.3815.320-lp152.2.21.1 openSUSE Leap 15.2 NonFree:opera-72.0.3815.320-lp152.2.21.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MZPDJYULXAMSZLQSDCDB6AOO535U72YK/ https://www.suse.com/security/cve/CVE-2020-16011.html CVE-2020-16011 https://bugzilla.suse.com/1178375 SUSE Bug 1178375