SUSE 5185 Published by

An opera security update has been released for openSUSE Leap 15.4.



openSUSE-SU-2023:0251-1: important: Security update for opera


openSUSE Security Update: Security update for opera
_______________________________

Announcement ID: openSUSE-SU-2023:0251-1
Rating: important
References:
Cross-References: CVE-2023-2312 CVE-2023-3420 CVE-2023-3421
CVE-2023-3422 CVE-2023-4068 CVE-2023-4069
CVE-2023-4070 CVE-2023-4071 CVE-2023-4072
CVE-2023-4073 CVE-2023-4074 CVE-2023-4075
CVE-2023-4076 CVE-2023-4077 CVE-2023-4078
CVE-2023-4349 CVE-2023-4350 CVE-2023-4351
CVE-2023-4352 CVE-2023-4353 CVE-2023-4354
CVE-2023-4355 CVE-2023-4356 CVE-2023-4357
CVE-2023-4358 CVE-2023-4359 CVE-2023-4360
CVE-2023-4361 CVE-2023-4362 CVE-2023-4363
CVE-2023-4364 CVE-2023-4365 CVE-2023-4366
CVE-2023-4367 CVE-2023-4368 CVE-2023-4572

CVSS scores:
CVE-2023-2312 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-3420 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-3421 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-3422 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4068 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-4069 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4070 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-4071 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4072 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4073 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4074 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4075 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4076 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4077 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4078 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4349 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4350 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-4351 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4352 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4353 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4354 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4355 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4356 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4357 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4358 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4359 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-4360 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-4361 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2023-4362 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4363 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-4364 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-4365 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-4366 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4367 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-4368 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-4572 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Leap 15.4:NonFree
_______________________________

An update that fixes 36 vulnerabilities is now available.

Description:

This update for opera fixes the following issues:

- Update to 102.0.4880.40

* DNA-111203 Prepare translations for home button in settings

- Changes in 102.0.4880.38

* DNA-110720 [Sidebar] Sidebar app increase size every time it's reopened
* DNA-110723 Music logo in light mode of 'Select service' unreadable on
hover
* DNA-110821 Run-if-alive callback missing in WMFDecoderImpl
* DNA-110835 Search/copy popup issues
* DNA-111038 Disable profile migration
* DNA-111263 Tab island animation incorrect when tabstrip full

- Update to 102.0.4880.33

* CHR-9411 Update Chromium on desktop-stable-116-4880 to 116.0.5845.141
* DNA-110172 [BUG] Images inside popup does not get rounded corner
* DNA-110828 Update chess.com build
* DNA-110834 Crash at opera::component_based::
TabAnimationController::StartAnimatedLayout(opera::
component_based::TabAnimationController::AnimationInfo,
base::OnceCallback)
* DNA-111144 Enable a new version of the extension.

- The update to chromium 116.0.5845.141 fixes following issues:
CVE-2023-4572

- Update to 102.0.4880.29

* DNA-109498 Splash screen is shown on every restart of the browser
* DNA-109698 Test Amazon Music support
* DNA-109840 Amazon music logo is very small and unreadable
* DNA-109841 Amazon music logo in player mode is too wide
* DNA-109842 [opauto] Add tests for Amazon Music in Player
* DNA-109937 Crash at opera::ComponentTabStripController::
SetGroupCollapsed(tab_groups::TabGroupId const&, bool)
* DNA-110107 Clicking roblox link on page closes the tab
* DNA-110110 [Tab strip][Tab island] Middle/right mouse click
on top of the screen have no/wrong efect
* DNA-110125 [Win/Lin] New design for default scrollbars on web page
* DNA-110130 Capture mouse events on the 1-pixel edge to the right of
the web view
* DNA-110586 Shadow is clipped if first tab is selected
* DNA-110637 Revert removal of start page button
* DNA-110684 Add bookmarks permissions
* DNA-110702 [Scrollable] Pin group is not aligned with address bar
* DNA-110737 [OMenu] Menu button looks weird
* DNA-110788 No 1-pixel edge in full screen mode
* DNA-110828 Update chess.com build
* DNA-110842 [Tab strip] Make â+â button round(er) again
* DNA-110874 Bring back Home button
* DNA-110876 Search box on Start page without transparency
* DNA-110878 Turn on Amazon Music on developer
* DNA-110905 Amazon Music for all given locales
* DNA-110961 [WinLin] Remove 1-pixel edge in full screen mode
* DNA-111038 Disable profile migration
* DNA-111079 Improve user-profile migration
* DNA-111092 Disable profile migration flag for desktop-stable-116-4880

- Update to 102.0.4880.16

* CHR-9396 Update Chromium on desktop-stable-116-4880 to 116.0.5845.97
* DNA-110040 Crash at crash_reporter::(anonymous namespace)::
AbslAbortHook(char const*, int, char const*, char const*, char const*)
* DNA-110315 O-menu opening after pressing alt on site which have action
for Alt press
* DNA-110440 [Tab strip] Tab favicon not cropped when it does not fit in
tab size
* DNA-110469 Move Shopping corner and Loomi to 'Special Features' section
* DNA-110510 [Tab strip] Mute icon displayed over tab title
* DNA-110526 If group is first the tab bar is not aligned with address
bar
* DNA-110828 Update chess.com build
* DNA-110836 Promote 102 to stable
* DNA-110892 Translations for O102
* DNA-110962 Fix ab_tests.json preferences override not working

- The update to chromium 116.0.5845.97 fixes following issues:
CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-2023-4351,
CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355,
CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359,
CVE-2023-4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4362,
CVE-2023-4363, CVE-2023-4364, CVE-2023-4365, CVE-2023-4366,
CVE-2023-4367, CVE-2023-4368
- Complete Opera 102 changelog at:
https://blogs.opera.com/desktop/changelog-for-102/

- Update to 101.0.4843.43

* CHR-9381 Update Chromium on desktop-stable-115-4843 to 115.0.5790.171
* DNA-108919 Tab Island 'Move To Island' highlight color is the same as
island color
* DNA-109202 Often extension popup is not displayed
* DNA-109454 Wallpaper customization with remote resource
* DNA-109679 Fix typo in flags schema
* DNA-109927 Add tooltips for visual or incomplete items in context menu
* DNA-110225 Replace Twitter logo in Sidebar with the new one X
* DNA-110244 Translations for O101
* DNA-110276 Fix race condition in DeferredInstalledWallpapers
* DNA-110400 teaser_event_impression counted when user closes baner

- The update to chromium 115.0.5790.171 fixes following issues:
CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071,
CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075,
CVE-2023-4076, CVE-2023-4077, CVE-2023-4078

- Update to 101.0.4843.23

* DNA-109400 Enable #adblocker-anticv on developer stream
* DNA-109423 Add histograms to help track #platform-h264-decoder-in-gpu
quality
* DNA-109861 Crash on expading folder on bookmark bar containing unnamed
subfolder
* DNA-109872 WMFAudioDecoder reports spurious dry run if initialized
during pipeline shutdown
* DNA-109908 Crash at opera::(anonymous namespace)::
AddNewTabToWorkspaceIfCurrent(Browser*, opera::WorkspaceId)
(.llvm.13400399341940007321)
* DNA-110005 Duplicated tabs indicator is not shown on tab bar
* DNA-110062 [Linux] QT6 dependency issue with .rpm package
* DNA-110210 Enable #adblocker-anticv on all streams
* DNA-110244 Translations for O101

- Update to 101.0.4843.25

* CHR-9357 Update Chromium on desktop-stable-115-4843 to 115.0.5790.90
* CHR-9362 Update Chromium on desktop-stable-115-4843 to 115.0.5790.102
* DNA-104841 Create a smooth corner background
* DNA-108012 [Opera One] Misaligned inner bookmarks menu in Opera Menu
* DNA-109129 Crash at opera::component_based::
OperaOneIntroductionAnimationController::AnimateHideVisibility()
* DNA-109209 Dragged island falls under island its being dragged over
* DNA-109266 Crash at content::WebContentsImpl::
SetDelegate(content::WebContentsDelegate*)
* DNA-109310 Broken session files are not automatically recovered
* DNA-109448 [AdBlock] Images from ads are missing with AA enabled
* DNA-109587 "Show bookmarks bar" checkbox on bookmarks feature(Dark
Mode)
* DNA-109674 Closing the tabs in the workspace in the other window will
close Opera
* DNA-109694 Smooth corners on active tab
* DNA-109774 Log when trying to switch workspace while closing browser
* DNA-110005 Duplicated tabs indicator is not shown on tab bar
* DNA-110244 Translations for O101
- Complete Opera 101 changelog at:
https://blogs.opera.com/desktop/changelog-for-101/

- Update to 100.0.4815.76

* DNA-109129 Crash at opera::component_based::Opera
OneIntroductionAnimationController::AnimateHideVisibility()
* DNA-109233 Crash at crash_reporter::(anonymous namespace)::
AbslAbortHook(char const*, int, char const*, char const*, char const*)
* DNA-109673 Session stat event teaser_tile_click is not sent
* DNA-109897 Session is lost when new session file is created

- Changes in 100.0.4815.54

* DNA-109148 Allow AI extension to change permissions during update
* DNA-109172 WMFAudioDecoder fails with #platform-aac-decoder-in-gpu
enabled
* DNA-109633 Do not send TabStripEmpty multiple times
* DNA-109674 Closing the tabs in the workspace in the other window will
close Opera
* DNA-109774 Log when trying to switch workspace while closing browser

- Changes in 100.0.4815.47

* DNA-108456 WMFAudioDecoder dry run should include decoding
one buffer
* DNA-108478 Disable extension icon on the right side (where all normal
extensions are)
* DNA-108791 Give access to feedbackPopupPrivate
* DNA-109134 Crash at media::FFmpegDemuxer:: OnFindStreamInfoDone(int)
if LD_PRELOAD set by user
* DNA-109137 SD images/icons/logo not loading or loading really slow
* DNA-109182 Please add an event when popup closes
* DNA-109231 Extended click area does not work for groups
* DNA-109242 Session unload kDisablePageLoadsOnStartup not working
* DNA-109310 Broken session files are not automatically recovered
* DNA-109618 Crash logger RestartAction should be set only after crash

- Update to 100.0.4815.30

* CHR-9339 Update Chromium on desktop-stable-114-4815 to 114.0.5735.199
* DNA-106986 [Tab strip][Tab islands] Reduce size of tab island handle
* DNA-107205 Disable banner on fresh installation "Back up your Opera
Browser"
* DNA-107306 Update Contributors list Opera One
* DNA-107337 NotReached in Browser::CloseContents
* DNA-107673 Crash at static void
opera::ComponentTabStripController::ShowHoverCardForGroup()
* DNA-108461 Distribute Aria with the Opera build
* DNA-108540 [Rich Hints] Tab islands â a trigger and anchor
* DNA-108545 Track accelerated video decoding support
* DNA-108606 [Mac] Opening context menu closes subfolders menu
on bookmark bar
* DNA-108664 Set minimum and maximum width for Aria extension
* DNA-108702 Tab falls outside island with specific number of tabs on
tab strip
* DNA-108731 Add "aria" stat to the schema
* DNA-108760 Record tab islands events
* DNA-108761 Implement âLater' functionality
* DNA-108763 Implement âQuit while showing onboarding'
* DNA-108806 Command Line not activated when sidebar panel is opened
* DNA-108858 [Linux] Browser window corners are not rounded perfectly
* DNA-108863 Sidebar panel isn't properly aligned with sidebar
* DNA-108882 [Icon change] Sync icon without custom image
* DNA-108898 [Autohide] Sidebar panel title bar is not tall enough
* DNA-108906 Turn on #component-based-context-menu on all streams
* DNA-108907 Empty text (button inactive) button color is wrong
* DNA-108912 Implement rotating animation for Aria command line
* DNA-108921 Enable #opera-one-introduction on all streams
* DNA-108928 Show overlay only if command-line parameter was given
* DNA-108933 Update repack script to handle introduction extension
* DNA-108938 Translations for O100
* DNA-108942 Remove Shopping Corner from the sidebar by default
* DNA-108943 Crash at
opera::AriaCommandLineController::~AriaCommandLineController()
* DNA-108949 Make opera://intro display introduction page from extension
* DNA-108952 Implement splash screen
* DNA-108955 Aria extension is moved to the right after sending prompt
from Command Line when sidebar is set to autohide
* DNA-108957 Opera crashes during shutdown after
opera-one-introduction hid
* DNA-108958 Commandline disappears after clicking Aria logo on
Commandline bar
* DNA-108959 Commandline does not have hover effect on Send button
* DNA-108980 Add Control+Shift+7 / Command+Shift+7 as alternative
shortcut for Aria command line
* DNA-108992 Opera One introduction appears in every New Window
* DNA-109009 Crash at
opera::component_based::ComponentTabGroup::UpdateTabAppearances()
* DNA-109021 [Stable] No Shopping corner icon in sidebar setup
* DNA-109031 [Tab islands] Island can automatically re-collapse when
clicking handle button to expand it
* DNA-109036 [Private Mode] [Light Team] Icons in address bar flashed
white when pressed
* DNA-109037 [Private Mode][Light] Folders name are not readable in BB
when highlighted
* DNA-109085 Two separators after âSearch with' option
* DNA-109091 Can't change tab when window is maximized on second display
* DNA-109096 "Move to workspacesâ doesn't fit all workspaces
* DNA-109099 [WinLin] Add Aria command line to Opera menu
* DNA-109102 [O-menu][History] Wrong layout of elements without icon in
history submenu
* DNA-109129 Crash at opera::component_based::OperaOneIntroduction
AnimationController::AnimateHideVisibility()
* DNA-109199 DCHECK when pinning tabs
* DNA-108893 Promote 100 to stable
- Complete Opera 100 changelog at:
https://blogs.opera.com/desktop/changelog-for-100/
- The update to chromium 114.0.5735.199 fixes following issues:
CVE-2023-3420, CVE-2023-3421, CVE-2023-3422

- Update to 99.0.4788.31

* DNA-107338 NotReached in SadTabView::OnPaint
* DNA-107689 Crash at extensions::
ShodanPrivateShowPopupForSelectedTextFunction::Run()

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:NonFree:

zypper in -t patch openSUSE-2023-251=1

Package List:

- openSUSE Leap 15.4:NonFree (x86_64):

opera-102.0.4880.40-lp154.2.50.1

References:

https://www.suse.com/security/cve/CVE-2023-2312.html
https://www.suse.com/security/cve/CVE-2023-3420.html
https://www.suse.com/security/cve/CVE-2023-3421.html
https://www.suse.com/security/cve/CVE-2023-3422.html
https://www.suse.com/security/cve/CVE-2023-4068.html
https://www.suse.com/security/cve/CVE-2023-4069.html
https://www.suse.com/security/cve/CVE-2023-4070.html
https://www.suse.com/security/cve/CVE-2023-4071.html
https://www.suse.com/security/cve/CVE-2023-4072.html
https://www.suse.com/security/cve/CVE-2023-4073.html
https://www.suse.com/security/cve/CVE-2023-4074.html
https://www.suse.com/security/cve/CVE-2023-4075.html
https://www.suse.com/security/cve/CVE-2023-4076.html
https://www.suse.com/security/cve/CVE-2023-4077.html
https://www.suse.com/security/cve/CVE-2023-4078.html
https://www.suse.com/security/cve/CVE-2023-4349.html
https://www.suse.com/security/cve/CVE-2023-4350.html
https://www.suse.com/security/cve/CVE-2023-4351.html
https://www.suse.com/security/cve/CVE-2023-4352.html
https://www.suse.com/security/cve/CVE-2023-4353.html
https://www.suse.com/security/cve/CVE-2023-4354.html
https://www.suse.com/security/cve/CVE-2023-4355.html
https://www.suse.com/security/cve/CVE-2023-4356.html
https://www.suse.com/security/cve/CVE-2023-4357.html
https://www.suse.com/security/cve/CVE-2023-4358.html
https://www.suse.com/security/cve/CVE-2023-4359.html
https://www.suse.com/security/cve/CVE-2023-4360.html
https://www.suse.com/security/cve/CVE-2023-4361.html
https://www.suse.com/security/cve/CVE-2023-4362.html
https://www.suse.com/security/cve/CVE-2023-4363.html
https://www.suse.com/security/cve/CVE-2023-4364.html
https://www.suse.com/security/cve/CVE-2023-4365.html
https://www.suse.com/security/cve/CVE-2023-4366.html
https://www.suse.com/security/cve/CVE-2023-4367.html
https://www.suse.com/security/cve/CVE-2023-4368.html
https://www.suse.com/security/cve/CVE-2023-4572.html