Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0592-1 Final 1 1 2021-04-22T08:05:34Z current 2021-04-22T08:05:34Z 2021-04-22T08:05:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Opera was updated to version 75.0.3969.171 (boo#1184256) CVE-2021-21194, CVE-2021-21195, CVE-2021-21196, CVE-2021-21197, CVE-2021-21198, CVE-2021-21199, CVE-2021-21191, CVE-2021-21192, CVE-2021-21193 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-592 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ E-Mail link for openSUSE-SU-2021:0592-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184256 SUSE Bug 1184256 https://www.suse.com/security/cve/CVE-2021-21191/ SUSE CVE CVE-2021-21191 page https://www.suse.com/security/cve/CVE-2021-21192/ SUSE CVE CVE-2021-21192 page https://www.suse.com/security/cve/CVE-2021-21193/ SUSE CVE CVE-2021-21193 page https://www.suse.com/security/cve/CVE-2021-21194/ SUSE CVE CVE-2021-21194 page https://www.suse.com/security/cve/CVE-2021-21195/ SUSE CVE CVE-2021-21195 page https://www.suse.com/security/cve/CVE-2021-21196/ SUSE CVE CVE-2021-21196 page https://www.suse.com/security/cve/CVE-2021-21197/ SUSE CVE CVE-2021-21197 page https://www.suse.com/security/cve/CVE-2021-21198/ SUSE CVE CVE-2021-21198 page https://www.suse.com/security/cve/CVE-2021-21199/ SUSE CVE CVE-2021-21199 page openSUSE Leap 15.2 NonFree opera-75.0.3969.171-lp152.2.40.1 opera-75.0.3969.171-lp152.2.40.1 as a component of openSUSE Leap 15.2 NonFree Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21191 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21191.html CVE-2021-21191 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21192 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21192.html CVE-2021-21192 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21193 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21193.html CVE-2021-21193 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21194 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21194.html CVE-2021-21194 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21195 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21195.html CVE-2021-21195 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21196 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21196.html CVE-2021-21196 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21197 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21197.html CVE-2021-21197 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21198 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21198.html CVE-2021-21198 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21199 openSUSE Leap 15.2 NonFree:opera-75.0.3969.171-lp152.2.40.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7RDJ7VXQ4XSRZDWGET7L5VU52AB3SLWM/ https://www.suse.com/security/cve/CVE-2021-21199.html CVE-2021-21199 https://bugzilla.suse.com/1184256 SUSE Bug 1184256