Detections
Analytics

openSUSE Security Update : opera (openSUSE-2021-712)

critical Nessus Plugin ID 150103

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Update to version 76.0.4017.94

 - released on the stable branch

Update to version 76.0.4017.88

 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85

 - DNA-92219 Add bookmark API supports to the front-end

 - DNA-92409 [MAC] ‘Present now’ options windows appear behind detached window

 - DNA-92615 Capture tab from the tab context menu

 - DNA-92616 Capture tab from Snapshot

 - DNA-92617 Capture tab from image context menu

 - DNA-92652 Opera 76 translations

 - DNA-92680 Make image selector on any page work like bookmarks popup WP2

 - DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*)

 - DNA-92710 Autoupdate on macOS 11.3 not working

 - DNA-92711 Make image selector on any page work like bookmarks popup WP3

 - DNA-92730 Make image selector on any page work like bookmarks popup WP4

 - DNA-92761 Make image selector on any page work like bookmarks popup WP5

 - DNA-92776 Make image selector on any page work like bookmarks popup WP6

 - DNA-92862 Make “View pinboards” button work

 - DNA-92906 Provide in-house translations for Cashback strings to Spanish

 - DNA-92908 API collides with oneclick installer

 - The update to chromium 90.0.4430.85 fixes following issues :

 - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226

 - Complete Opera 76.0 changelog at:
 https://blogs.opera.com/desktop/changelog-for-76/

Update to version 75.0.3969.218

 - CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128

 - DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj

 - DNA-92198 [Arm] Update signing scripts

 - DNA-92200 [Arm] Create universal packages from two buildsets

 - DNA-92338 [Search tabs] The preview isn’t updated when the tab from another window is closed

 - DNA-92410 [Download popup] Selected item still looks bad in dark mode

 - DNA-92441 Compilation error

 - DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz

 - DNA-92608 Opera 75 crash during rapid workspace switching

 - DNA-92627 Crash at automation::Error::code()

 - DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem iumExtensionFeatureEnabled()

 - DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button

 - DNA-92681 Add missing string in Japanese

 - DNA-92684 Fix issues with signing multiple bsids

 - DNA-92706 Update repack generation from universal packages

 - DNA-92725 Enable IPFS for all channels

 - The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-76/

Plugin Details

Severity: Critical

ID: 150103

File Name: openSUSE-2021-712.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/1/2021

Updated: 4/25/2023

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-21226

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2021

Vulnerability Publication Date: 4/26/2021

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Exploitable With

Metasploit (Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE)

Reference Information

CVE: CVE-2021-21206, CVE-2021-21220, CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226