SUSE 5150 Published by

An opera security update has been released for openSUSE Leap 15.4.



openSUSE-SU-2023:0337-1: important: Security update for opera


openSUSE Security Update: Security update for opera
_______________________________

Announcement ID: openSUSE-SU-2023:0337-1
Rating: important
References:
Cross-References: CVE-2023-5218 CVE-2023-5473 CVE-2023-5474
CVE-2023-5475 CVE-2023-5476 CVE-2023-5477
CVE-2023-5478 CVE-2023-5479 CVE-2023-5481
CVE-2023-5483 CVE-2023-5484 CVE-2023-5485
CVE-2023-5486 CVE-2023-5487
CVSS scores:
CVE-2023-5218 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-5473 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2023-5474 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-5475 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-5476 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-5477 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-5478 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-5479 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-5481 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-5483 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-5484 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-5485 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-5486 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-5487 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:
openSUSE Leap 15.4:NonFree
_______________________________

An update that fixes 14 vulnerabilities is now available.

Description:

This update for opera fixes the following issues:

- Update to 104.0.4944.23
* DNA-110465 [Scrollable tab strip] Weird animation when closing tab
* DNA-112021 Favicons disappear from history after being hovered over
* DNA-112310 Put opening animation on start page behind a flag
* DNA-112462 Crash at opera::SidebarItemViewImpl::
StateChanged(views::Button::ButtonState)
* DNA-112464 Crash at anonymous namespace::SwitchToTabButton::
OnThemeChanged()
* DNA-112518 Force Default as last used Profile
* DNA-112534 Set profiles_order to Default dir

- Changes in 104.0.4944.18
* CHR-9471 Update Chromium on desktop-stable-118-4944 to 118.0.5993.71
* DNA-111704 chrome.webRequest.onHeadersReceived event is not fired for
extension if page opened from SpeedDial tile
* DNA-111878 Highlighting of tabs and bookmarks in dark mode is almost
invisible.
* DNA-111883 [Address bar] Hover effect on page is placed too high
* DNA-111922 [Linux] Change Opera beta application icon
* DNA-111955 Reduce colors used in Opera as much as possible
* DNA-112075 Rename palette colors in theme for better reusability
* DNA-112108 Fix dangling WebContents ptr bound to
TabSnoozeInfobarDelegate::Show callback
* DNA-112222 Tab in island not marked as active
* DNA-112242 Disable feature flag #platform-h264-decoder-in-gpu by
default on stable channel
* DNA-112265 Promote 104 to stable
* DNA-112312 Turn on #wallet-selector on all streams
* DNA-112313 Enable #pinboard-popup-refresh on all streams
* DNA-112426 [profile migration] Renaming invalid Default to Default.old
is not needed anymore
- The update to chromium 118.0.5993.71 fixes following issues:
CVE-2023-5218, CVE-2023-5487, CVE-2023-5484, CVE-2023-5475,
CVE-2023-5483, CVE-2023-5481, CVE-2023-5476, CVE-2023-5474,
CVE-2023-5479, CVE-2023-5485, CVE-2023-5478, CVE-2023-5477,
CVE-2023-5486, CVE-2023-5473
- Complete Opera 104 changelog at:
https://blogs.opera.com/desktop/changelog-for-104/

- Update to 103.0.4928.34
* DNA-111680 Fix highlight of bookmarks bar folder elements
* DNA-111703 O icon moves upon opening menu
* DNA-111883 [Address bar] Hover effect on page is placed too high
* DNA-111940 OMenu text displaced to the right without any indentation
* DNA-112118 Crash at history::URLDatabase::
CreateContinueOnIndexIfNeeded(std::__Cr::vector)

- Update to 103.0.4928.26
* DNA-111681 Disappearing icons of bookmarks bar folders elements
* DNA-112020 Enable #address-bar-dropdown-cities on all streams

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:NonFree:

zypper in -t patch openSUSE-2023-337=1

Package List:

- openSUSE Leap 15.4:NonFree (x86_64):

opera-104.0.4944.23-lp154.2.56.1

References:

https://www.suse.com/security/cve/CVE-2023-5218.html
https://www.suse.com/security/cve/CVE-2023-5473.html
https://www.suse.com/security/cve/CVE-2023-5474.html
https://www.suse.com/security/cve/CVE-2023-5475.html
https://www.suse.com/security/cve/CVE-2023-5476.html
https://www.suse.com/security/cve/CVE-2023-5477.html
https://www.suse.com/security/cve/CVE-2023-5478.html
https://www.suse.com/security/cve/CVE-2023-5479.html
https://www.suse.com/security/cve/CVE-2023-5481.html
https://www.suse.com/security/cve/CVE-2023-5483.html
https://www.suse.com/security/cve/CVE-2023-5484.html
https://www.suse.com/security/cve/CVE-2023-5485.html
https://www.suse.com/security/cve/CVE-2023-5486.html
https://www.suse.com/security/cve/CVE-2023-5487.html