Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0297-1 Final 1 1 2023-10-11T07:10:18Z current 2023-10-11T07:10:18Z 2023-10-11T07:10:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to 103.0.4928.16 * CHR-9416 Updating Chromium on desktop-stable-* branches * CHR-9433 Update Chromium on desktop-stable-117-4928 to 117.0.5938.89 * CHR-9449 Update Chromium on desktop-stable-117-4928 to 117.0.5938.132 * DNA-110337 Opera Intro extension custom versions * DNA-111454 Player animations visual adjustments * DNA-111618 Turn on #password-generator on all streams * DNA-111645 Turn on flag #player-service-react on developer stream * DNA-111708 Player home page is shown while music service is being loaded * DNA-111722 [Tab strip][Tab island] Add tab in tab island button appears after size of tabs is changed * DNA-111727 JsonPrefStore is created twice for Local State file * DNA-111838 Promote 103.0 to stable * DNA-111845 Turn on flag #player-service-react on all streams * DNA-111868 Translations for O103 * DNA-111874 OMenu and Context Menus has transparent few px border - The update to chromium 117.0.5938.89 fixes following issues: CVE-2023-5217, CVE-2023-5186, CVE-2023-5187 - Complete Opera 103 changelog at: https://blogs.opera.com/desktop/changelog-for-103/ - Update to 102.0.4880.78 * DNA-110952 Crash at base::subtle::RefCountedBase:: ReleaseImpl() const - Update to 102.0.4880.70 * DNA-105016 Do not open file selector when closing easy files dialog with 'close this popup' option * DNA-110437 Extensions font color in dark mode makes the text not visible * DNA-110443 Crash at EasyFilesView::ShowFileSelector * DNA-111231 Amazon Music logo update in sidebar Player * DNA-111280 Make import from Crypto Browser to Opera Browser easier * DNA-111355 [Sidebar] DevTools is not working correctly in with sidebar panel * DNA-111708 Player home page is shown while music service is being loaded * DNA-111162 Refresh Player home page * DNA-111164 Implement animation in Player home page - Update to 102.0.4880.56 * DNA-110785 Crash at static void base::allocator:: UnretainedDanglingRawPtrDetectedDumpWithoutCrashing (unsigned __int64) * DNA-110973 Crash after dragging tab from island to another screen * DNA-111199 Disable user_education tests from component_unittests * DNA-111369 Crash at views::View::DoRemoveChildView(views:: View*, bool, bool, views::View*) * DNA-111538 All new open windows don`t have a close button 'x' in the right upper corner. - Changes in 102.0.4880.51 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110101 [Linux] Maximize/restore button does not work properly * DNA-110669 duplicated hints on system buttons * DNA-110823 Uninstallation Survey Countries * DNA-110881 Scroll bar doesn't change color in dark mode * DNA-110930 Capture mouse events on the 1-pixel edge for DevTools * DNA-110935 ChatSonic colors are unreadable in Dark Mode * DNA-111034 Dynamic icon does not look good in edit-tile-modal * DNA-111035 Removal custom-image should restore dynamic icon * DNA-111177 [Start page] Letter in SD is black on light wallpaper * DNA-111488 Improve profile migration for desktop-stable-116-4880 - Update to 102.0.4880.46 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110216 [Sidebar] Straight lines instead of rounded corners * DNA-110539 [LIN] Crash at content::WebContentsImpl:: GetLastCommittedURL() * DNA-110631 AB test mechanism for Speed Dial * DNA-110656 [TabStrip] Memory leak for tab group * DNA-111322 Only show splash screen on major version update * DNA-111417 Crash at opera::component_based:: TabAnimationController::StartAnimatedLayout(opera:: component_based::TabAnimationController::AnimationInfo, base::OnceCallback) * DNA-111420 Update continue on link for euro rtv agd * DNA-111440 Crash at opera::component_based:: ComponentTabBar::GetActiveTab() The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-297 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SA3UIF6YUP4F422WZCCPKQ6TLSBG7YAK/ E-Mail link for openSUSE-SU-2023:0297-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5186/ SUSE CVE CVE-2023-5186 page https://www.suse.com/security/cve/CVE-2023-5187/ SUSE CVE CVE-2023-5187 page https://www.suse.com/security/cve/CVE-2023-5217/ SUSE CVE CVE-2023-5217 page openSUSE Leap 15.5 NonFree opera-103.0.4928.16-lp155.3.12.1 opera-103.0.4928.16-lp155.3.12.1 as a component of openSUSE Leap 15.5 NonFree Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) CVE-2023-5186 openSUSE Leap 15.5 NonFree:opera-103.0.4928.16-lp155.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SA3UIF6YUP4F422WZCCPKQ6TLSBG7YAK/ https://www.suse.com/security/cve/CVE-2023-5186.html CVE-2023-5186 https://bugzilla.suse.com/1215776 SUSE Bug 1215776 Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5187 openSUSE Leap 15.5 NonFree:opera-103.0.4928.16-lp155.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SA3UIF6YUP4F422WZCCPKQ6TLSBG7YAK/ https://www.suse.com/security/cve/CVE-2023-5187.html CVE-2023-5187 https://bugzilla.suse.com/1215776 SUSE Bug 1215776 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5217 openSUSE Leap 15.5 NonFree:opera-103.0.4928.16-lp155.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SA3UIF6YUP4F422WZCCPKQ6TLSBG7YAK/ https://www.suse.com/security/cve/CVE-2023-5217.html CVE-2023-5217 https://bugzilla.suse.com/1215776 SUSE Bug 1215776 https://bugzilla.suse.com/1215778 SUSE Bug 1215778 https://bugzilla.suse.com/1215814 SUSE Bug 1215814 https://bugzilla.suse.com/1217559 SUSE Bug 1217559