openSUSE Security Update : opera (openSUSE-2020-2360)

high Nessus Plugin ID 145375

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

- Update to version 73.0.3856.284

- CHR-8225 Update chromium on desktop-stable-87-3856 to 87.0.4280.88

- DNA-88454 Background of snap area above visible scrolled viewport is not captured

- DNA-89749 Implement client_capabilities support for Flow / Sync

- DNA-89810 Opera no longer autoselects full url/address bar when clicked

- DNA-89923 [Snap] Emojis look grayed out

- DNA-90060 Make gesture events work with search-in-tabs feature

- DNA-90168 Display SD suggestions titles

- DNA-90176 Player doesn’t show music service to choose on Welcome page

- DNA-90343 [Mac] Cmd+C doesn’t copy snapshot

- DNA-90538 Crash at extensions::CommandService::
GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)

- The update to chromium 87.0.4280.88 fixes following issues: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042

- Update to version 73.0.3856.257

- DNA-89918 #enable-force-dark flag doesn’t work anymore

- DNA-90061 Clicking on video’s progress bar breaks autopausing

- DNA-90079 [BigSur] Blank pages

- DNA-90154 Crash at extensions::CommandService::
GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)

- Complete Opera 73.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-73/

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-73/

Plugin Details

Severity: High

ID: 145375

File Name: openSUSE-2020-2360.nasl

Version: 1.8

Type: local

Agent: unix

Published: 1/25/2021

Updated: 1/26/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-16039

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/29/2020

Vulnerability Publication Date: 1/8/2021

Exploitable With

Metasploit (Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase)

Reference Information

CVE: CVE-2020-16037, CVE-2020-16038, CVE-2020-16039, CVE-2020-16040, CVE-2020-16041, CVE-2020-16042