Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0337-1 Final 1 1 2023-10-29T05:01:20Z current 2023-10-29T05:01:20Z 2023-10-29T05:01:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to 104.0.4944.23 * DNA-110465 [Scrollable tab strip] Weird animation when closing tab * DNA-112021 Favicons disappear from history after being hovered over * DNA-112310 Put opening animation on start page behind a flag * DNA-112462 Crash at opera::SidebarItemViewImpl:: StateChanged(views::Button::ButtonState) * DNA-112464 Crash at anonymous namespace::SwitchToTabButton:: OnThemeChanged() * DNA-112518 Force Default as last used Profile * DNA-112534 Set profiles_order to Default dir - Changes in 104.0.4944.18 * CHR-9471 Update Chromium on desktop-stable-118-4944 to 118.0.5993.71 * DNA-111704 chrome.webRequest.onHeadersReceived event is not fired for extension if page opened from SpeedDial tile * DNA-111878 Highlighting of tabs and bookmarks in dark mode is almost invisible. * DNA-111883 [Address bar] Hover effect on page is placed too high * DNA-111922 [Linux] Change Opera beta application icon * DNA-111955 Reduce colors used in Opera as much as possible * DNA-112075 Rename palette colors in theme for better reusability * DNA-112108 Fix dangling WebContents ptr bound to TabSnoozeInfobarDelegate::Show callback * DNA-112222 Tab in island not marked as active * DNA-112242 Disable feature flag #platform-h264-decoder-in-gpu by default on stable channel * DNA-112265 Promote 104 to stable * DNA-112312 Turn on #wallet-selector on all streams * DNA-112313 Enable #pinboard-popup-refresh on all streams * DNA-112426 [profile migration] Renaming invalid Default to Default.old is not needed anymore - The update to chromium 118.0.5993.71 fixes following issues: CVE-2023-5218, CVE-2023-5487, CVE-2023-5484, CVE-2023-5475, CVE-2023-5483, CVE-2023-5481, CVE-2023-5476, CVE-2023-5474, CVE-2023-5479, CVE-2023-5485, CVE-2023-5478, CVE-2023-5477, CVE-2023-5486, CVE-2023-5473 - Complete Opera 104 changelog at: https://blogs.opera.com/desktop/changelog-for-104/ - Update to 103.0.4928.34 * DNA-111680 Fix highlight of bookmarks bar folder elements * DNA-111703 O icon moves upon opening menu * DNA-111883 [Address bar] Hover effect on page is placed too high * DNA-111940 OMenu text displaced to the right without any indentation * DNA-112118 Crash at history::URLDatabase:: CreateContinueOnIndexIfNeeded(std::__Cr::vector) - Update to 103.0.4928.26 * DNA-111681 Disappearing icons of bookmarks bar folders elements * DNA-112020 Enable #address-bar-dropdown-cities on all streams The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-337 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ E-Mail link for openSUSE-SU-2023:0337-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5218/ SUSE CVE CVE-2023-5218 page https://www.suse.com/security/cve/CVE-2023-5473/ SUSE CVE CVE-2023-5473 page https://www.suse.com/security/cve/CVE-2023-5474/ SUSE CVE CVE-2023-5474 page https://www.suse.com/security/cve/CVE-2023-5475/ SUSE CVE CVE-2023-5475 page https://www.suse.com/security/cve/CVE-2023-5476/ SUSE CVE CVE-2023-5476 page https://www.suse.com/security/cve/CVE-2023-5477/ SUSE CVE CVE-2023-5477 page https://www.suse.com/security/cve/CVE-2023-5478/ SUSE CVE CVE-2023-5478 page https://www.suse.com/security/cve/CVE-2023-5479/ SUSE CVE CVE-2023-5479 page https://www.suse.com/security/cve/CVE-2023-5481/ SUSE CVE CVE-2023-5481 page https://www.suse.com/security/cve/CVE-2023-5483/ SUSE CVE CVE-2023-5483 page https://www.suse.com/security/cve/CVE-2023-5484/ SUSE CVE CVE-2023-5484 page https://www.suse.com/security/cve/CVE-2023-5485/ SUSE CVE CVE-2023-5485 page https://www.suse.com/security/cve/CVE-2023-5486/ SUSE CVE CVE-2023-5486 page https://www.suse.com/security/cve/CVE-2023-5487/ SUSE CVE CVE-2023-5487 page openSUSE Leap 15.4 NonFree opera-104.0.4944.23-lp154.2.56.1 opera-104.0.4944.23-lp154.2.56.1 as a component of openSUSE Leap 15.4 NonFree Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-5218 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5218.html CVE-2023-5218 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE-2023-5473 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5473.html CVE-2023-5473 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2023-5474 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5474.html CVE-2023-5474 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2023-5475 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5475.html CVE-2023-5475 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5476 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5476.html CVE-2023-5476 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) CVE-2023-5477 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5477.html CVE-2023-5477 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CVE-2023-5478 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5478.html CVE-2023-5478 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5479 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5479.html CVE-2023-5479 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5481 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5481.html CVE-2023-5481 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5483 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5483.html CVE-2023-5483 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5484 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5484.html CVE-2023-5484 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2023-5485 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5485.html CVE-2023-5485 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) CVE-2023-5486 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5486.html CVE-2023-5486 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2023-5487 openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/ https://www.suse.com/security/cve/CVE-2023-5487.html CVE-2023-5487 https://bugzilla.suse.com/1216111 SUSE Bug 1216111