SUSE 5149 Published by

An opera security update has been released for openSUSE Leap 15.3.



openSUSE-SU-2022:10087-1: important: Security update for opera


openSUSE Security Update: Security update for opera
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10087-1
Rating: important
References:
Cross-References: CVE-2022-2163 CVE-2022-2294 CVE-2022-2295
CVE-2022-2296 CVE-2022-2477 CVE-2022-2478
CVE-2022-2479 CVE-2022-2480 CVE-2022-2481

CVSS scores:
CVE-2022-2163 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2294 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2295 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2296 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2478 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2479 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-2480 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2481 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Leap 15.3:NonFree
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for opera fixes the following issues:

opera was updated to 89.0.4447.71

- CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134
- DNA-100492 authPrivate.storeCredentials should work with running auth
session
- DNA-100649 ???Sign out??? from settings doesn???t also sign out from
auth
- DNA-100653 VPN Badge popup ??? not working well with different page
zoom being set in browser settings
- DNA-100712 Wrong spacing on text to reset sync passphrase in settings
- DNA-100799 VPN icon is ???pro??? on disconnected
- DNA-100841 Remove Get Subscription and Get button from VPN pro settings
- DNA-100883 Update missing translations from chromium
- DNA-100899 Translation error in Turkish
- DNA-100912 Unable to select pinboards when sync everything is enabled
- DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB
- DNA-100960 Use after move
CountryBlacklistServiceImpl::DownloadCountryBlacklist
- DNA-100961 Use after move
CategorizationDataCollection::Iterator::Iterator
- DNA-100989 Crash at
opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&)

- The update to chromium 103.0.5060.134 fixes following issues:
CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479
CVE-2022-2480, CVE-2022-2481

opera was updated to 89.0.4447.51

- DNA-99538 Typed content of address bar shared between tabs
- DNA-100418 Set 360 so as search engine in China
- DNA-100629 Launch Auth login when enabling sync while logged in
- DNA-100776 Popup is too long if there are no services available

opera was updated to 89.0.4447.48

- CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114
- DNA-100247 Make it possible to display hint when tab scrolling gets
triggered
- DNA-100482 Shopping corner icon availability
- DNA-100575 Add unique IDs to all web element in opera account popup
- DNA-100625 Opera account popup appears too high on Linux
- DNA-100627 Enable #snap-from-panel on all stream
- DNA-100636 DCHECK at suggestion_item.cc(484)
- DNA-100685 Fix crash when attaching to tab strip scroll buttons
- DNA-100693 Enable Sticky Site sidebar item to have notification bubble
- DNA-100698 [AdBlock] Unhandled Disconnect list category:
"emailaggressive"
- DNA-100716 Misstype Settings "Enhanced address bar"
- DNA-100732 Fix & escaping in translated strings
- DNA-100759 Crash when loading personal news in private window

- The update to chromium 103.0.5060.114 fixes following issues:
CVE-2022-2294, CVE-2022-2295, CVE-2022-2296

opera was updated to 89.0.4447.38

- DNA-100283 Translations for O89

- Complete Opera 89.0 changelog at:
  https://blogs.opera.com/desktop/changelog-for-89/

opera was updated to 89.0.4447.37

- CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66
- DNA-99780 Crash at zmq::zmq_abort(char const*)
- DNA-100377 New opera account popup doesn???t open on Linux
- DNA-100589 Crash at base::internal::Invoker::RunOnce
(base::internal::BindStateBase*, scoped_refptr&&)
- DNA-100607 Sync ???Sign in??? button doesn???t work with Opera Account
popup

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:NonFree:

zypper in -t patch openSUSE-2022-10087=1


Package List:

- openSUSE Leap 15.3:NonFree (x86_64):

opera-89.0.4447.71-lp153.2.54.1

References:

  https://www.suse.com/security/cve/CVE-2022-2163.html
  https://www.suse.com/security/cve/CVE-2022-2294.html
  https://www.suse.com/security/cve/CVE-2022-2295.html
  https://www.suse.com/security/cve/CVE-2022-2296.html
  https://www.suse.com/security/cve/CVE-2022-2477.html
  https://www.suse.com/security/cve/CVE-2022-2478.html
  https://www.suse.com/security/cve/CVE-2022-2479.html
  https://www.suse.com/security/cve/CVE-2022-2480.html
  https://www.suse.com/security/cve/CVE-2022-2481.html