openSUSE-SU-2024:0142-1: important: Security update for opera
openSUSE-SU-2024:0143-1: moderate: Security update for libqt5-qtnetworkauth
openSUSE-SU-2024:0142-1: important: Security update for opera
openSUSE Security Update: Security update for opera
_______________________________
Announcement ID: openSUSE-SU-2024:0142-1
Rating: important
References:
Cross-References: CVE-2024-4671 CVE-2024-5274
CVSS scores:
CVE-2024-4671 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.5:NonFree
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
- Update to 110.0.5130.39
* DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint
* DNA-116680 Import 0-day fix for CVE-2024-5274
- Update to 110.0.5130.35
* CHR-9721 Update Chromium on desktop-stable-124-5130 to 124.0.6367.202
* DNA-114787 Crash at views::View::DoRemoveChildView(views:: View*,
bool, bool, views::View*)
* DNA-115640 Tab island is not properly displayed after drag&drop in
light theme
* DNA-116191 Fix link in RTV Euro CoS
* DNA-116218 Crash at SkGpuShaderImageFilter::onFilterImage
(skif::Context const&)
* DNA-116241 Update affiliation link for media expert "Continue On"
* DNA-116256 Crash at TabHoverCardController::UpdateHoverCard
(opera::TabDataView*, TabHoverCardController::UpdateType, bool)
* DNA-116270 Show 'Suggestions' inside expanding Speed Dial field
* DNA-116474 Implement the no dynamic hover approach
* DNA-116493 Make sure that additional elements like (Sync your browser)
etc. doesnât shift content down on page
* DNA-116515 Import 0-day fix from Chromium "[wasm-gc] Only normalize
JSObject targets in SetOrCopyDataProperties"
* DNA-116543 Twitter migrate to x.com
* DNA-116552 Change max width of the banner
* DNA-116569 Twitter in Panel loading for the first time opens two Tabs
automatically
* DNA-116587 Translate settings strings for every language
- The update to chromium 124.0.6367.202 fixes following issues:
CVE-2024-4671
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.5:NonFree:
zypper in -t patch openSUSE-2024-142=1
Package List:
- openSUSE Leap 15.5:NonFree (x86_64):
opera-110.0.5130.39-lp155.3.48.1
References:
https://www.suse.com/security/cve/CVE-2024-4671.html
https://www.suse.com/security/cve/CVE-2024-5274.html
openSUSE-SU-2024:0143-1: moderate: Security update for libqt5-qtnetworkauth
openSUSE Security Update: Security update for libqt5-qtnetworkauth
_______________________________
Announcement ID: openSUSE-SU-2024:0143-1
Rating: moderate
References: #1224782
Cross-References: CVE-2024-36048
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for libqt5-qtnetworkauth fixes the following issues:
- CVE-2024-36048: Fixed data race and poor seeding in
generateRandomString() (boo#1224782).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-143=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
libQt5NetworkAuth5-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-examples-5.15.2+kde2-bp155.3.3.1
- openSUSE Backports SLE-15-SP5 (aarch64_ilp32):
libQt5NetworkAuth5-64bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-64bit-5.15.2+kde2-bp155.3.3.1
- openSUSE Backports SLE-15-SP5 (noarch):
libqt5-qtnetworkauth-private-headers-devel-5.15.2+kde2-bp155.3.3.1
- openSUSE Backports SLE-15-SP5 (x86_64):
libQt5NetworkAuth5-32bit-5.15.2+kde2-bp155.3.3.1
libqt5-qtnetworkauth-devel-32bit-5.15.2+kde2-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-36048.html
https://bugzilla.suse.com/1224782
