SUSE 5136 Published by

An opera security update has been released for openSUSE Leap 15.1 and 15.2.



security-announce: openSUSE-SU-2020:1713-1: important: Security update for opera


openSUSE Security Update: Security update for opera
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1713-1
Rating: important
References:
Cross-References: CVE-2020-15959 CVE-2020-15960 CVE-2020-15961
CVE-2020-15962 CVE-2020-15963 CVE-2020-15964
CVE-2020-15965 CVE-2020-15966 CVE-2020-6556
CVE-2020-6573 CVE-2020-6574 CVE-2020-6575
CVE-2020-6576
Affected Products:
openSUSE Leap 15.2:NonFree
openSUSE Leap 15.1:NonFree
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for opera fixes the following issues:

opera was updated to version 71.0.3770.228

- DNA-87466 Hide extensions icon is black in dark theme
- DNA-88580 Implement search_in_tabs telemetry benchmark
- DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL
- DNA-88693 Random crash in SmartFilesBrowserTest
- DNA-88793 change VPN disclaimer modal layout
- DNA-88799 Only active workspaces and active messengers should be
listed in keyboard shortcuts settings
- DNA-88838 add automatic VPN connection preference setting
- DNA-88870 Align VPN popup to new design
- DNA-88900 Turn off Tutorials in Opera GX – implementation
- DNA-88931 Add info about channel and product (OPR, OPRGX) to rollout
requests
- DNA-88940 Allow continue-shopping|booking-host-override switch to
handle host and path
- DNA-88946 Auto-connect VPN after browser startup only for existing VPN
users
- DNA-89009 Change URL for search-suggestions
- DNA-89021 Make RH test driver pack to a separate archive
- DNA-89150 Unhardcode ‘From’ and ‘To’ strings in Advanced
History Search
- DNA-89175 Desktop without a flow paring should not initialize in
browser startup

Opera was updated to version 71.0.3770.198

- CHR-8106 Update chromium on desktop-stable-85-3770 to 85.0.4183.121
- DNA-85648 Reconnecting Flow with iOS is unstable
- DNA-87130 Spinner is stretched instead of clipped
- DNA-87989 In Find in Page, “No matches” doesn’t go away after
deleting all text
- DNA-88098 Data URLs entries should not open new tab after click on new
history page
- DNA-88267 Extra semicolon in Russian BABE translation
- DNA-88312 [Win] Downloads file drag and drop doesn’t work in Opera
- DNA-88363 Add premium extension functionality
- DNA-88580 Implement search_in_tabs telemetry benchmark
- DNA-88611 Black font on a dark background in sync login dialog
- DNA-88626 Disable #easy-files on desktop-stable-85-xxxx
- DNA-88701 String “Type a shortcut” is hardcoded
- DNA-88755 Crash at extensions::WebstoreOneClickInstallerUIImpl::
RemoveAllInfobarsExcept(opera::ExtensionInstallInfoBarDelegate*)
- DNA-88797 Change ‘Register’ to ‘Tab’ in German
- DNA-88851 [History][Resized window] Button and date input look bad
- DNA-88958 Crash at net::`anonymous namespace”::Escape
- The update to chromium 85.0.4183.121 fixes following issues:
- CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963,
CVE-2020-15965, CVE-2020-15966, CVE-2020-15964

- Update to version 71.0.3770.148
- CHR-8091 Update chromium on desktop-stable-85-3770 to 85.0.4183.102
- DNA-87785 [Mac] “Alitools” text in extension toolbar overlaps
Install button
- DNA-87935 Make SSD smaller by 25%
- DNA-87963 Hidden Avira extension in avira_2 edition
- DNA-88015 [MyFlow] Desktop doesn’t show itself in devices list
- DNA-88469 Add context menu options to configure shortcuts
- DNA-88496 Define a/b test in ab_tests.json
- DNA-88537 Don’t filter out hashes from feature reference groups
coming from rollout
- DNA-88580 Implement search_in_tabs telemetry benchmark
- DNA-88604 [History panel] Search bar covers the “Clear browsing
data” button
- DNA-88619 String ‘Download complete’ is cut on download popup
- DNA-88645 Remove option should not be available for last workspace
- DNA-88718 [History panel] fix delete button overflow issue
- The update to chromium 85.0.4183.102 fixes following issues:
- CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576,
CVE-2020-15959
- Complete Opera 71.0 changelog at:
  https://blogs.opera.com/desktop/changelog-for-71/

- Update to version 70.0.3728.144
- CHR-8057 Update chromium on desktop-stable-84-3728 to 84.0.4147.135
- DNA-88027 [Mac] Downloads icon disappears when downloads popup is shown
- DNA-88204 Crash at opera::DownloadItemView::OnMousePressed
(ui::MouseEvent const&)
- The update to chromium 84.0.4147.135 fixes following issues:
- CVE-2020-6556

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:NonFree:

zypper in -t patch openSUSE-2020-1713=1

- openSUSE Leap 15.1:NonFree:

zypper in -t patch openSUSE-2020-1713=1


Package List:

- openSUSE Leap 15.2:NonFree (x86_64):

opera-71.0.3770.228-lp152.2.18.1

- openSUSE Leap 15.1:NonFree (x86_64):

opera-71.0.3770.228-lp151.2.30.1

References:

  https://www.suse.com/security/cve/CVE-2020-15959.html
  https://www.suse.com/security/cve/CVE-2020-15960.html
  https://www.suse.com/security/cve/CVE-2020-15961.html
  https://www.suse.com/security/cve/CVE-2020-15962.html
  https://www.suse.com/security/cve/CVE-2020-15963.html
  https://www.suse.com/security/cve/CVE-2020-15964.html
  https://www.suse.com/security/cve/CVE-2020-15965.html
  https://www.suse.com/security/cve/CVE-2020-15966.html
  https://www.suse.com/security/cve/CVE-2020-6556.html
  https://www.suse.com/security/cve/CVE-2020-6573.html
  https://www.suse.com/security/cve/CVE-2020-6574.html
  https://www.suse.com/security/cve/CVE-2020-6575.html
  https://www.suse.com/security/cve/CVE-2020-6576.html