Detections
Analytics
openSUSE 15 Security Update : opera (openSUSE-SU-2021:1310-1)
high Nessus Plugin ID 153669
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1310-1 advisory.- Chromium: CVE-2021-30606 Use after free in Blink (CVE-2021-30606)
- Chromium: CVE-2021-30607 Use after free in Permissions (CVE-2021-30607)
- Chromium: CVE-2021-30608 Use after free in Web Share (CVE-2021-30608)
- Chromium: CVE-2021-30609 Use after free in Sign-In (CVE-2021-30609)
- Chromium: CVE-2021-30610 Use after free in Extensions API (CVE-2021-30610)
- Chromium: CVE-2021-30611 Use after free in WebRTC (CVE-2021-30611)
- Chromium: CVE-2021-30612 Use after free in WebRTC (CVE-2021-30612)
- Chromium: CVE-2021-30613 Use after free in Base internals (CVE-2021-30613)
- Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip (CVE-2021-30614)
- Chromium: CVE-2021-30615 Cross-origin data leak in Navigation (CVE-2021-30615)
- Chromium: CVE-2021-30616 Use after free in Media (CVE-2021-30616)
- Chromium: CVE-2021-30617 Policy bypass in Blink (CVE-2021-30617)
- Chromium: CVE-2021-30618 Inappropriate implementation in DevTools (CVE-2021-30618)
- Chromium: CVE-2021-30619 UI Spoofing in Autofill (CVE-2021-30619)
- Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink (CVE-2021-30620)
- Chromium: CVE-2021-30621 UI Spoofing in Autofill (CVE-2021-30621)
- Chromium: CVE-2021-30622 Use after free in WebApp Installs (CVE-2021-30622)
- Chromium: CVE-2021-30623 Use after free in Bookmarks (CVE-2021-30623)
- Chromium: CVE-2021-30624 Use after free in Autofill (CVE-2021-30624)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected opera package.See Also
http://www.nessus.org/u?0265fbbf
https://www.suse.com/security/cve/CVE-2021-30606
https://www.suse.com/security/cve/CVE-2021-30607
https://www.suse.com/security/cve/CVE-2021-30608
https://www.suse.com/security/cve/CVE-2021-30609
https://www.suse.com/security/cve/CVE-2021-30610
https://www.suse.com/security/cve/CVE-2021-30611
https://www.suse.com/security/cve/CVE-2021-30612
https://www.suse.com/security/cve/CVE-2021-30613
https://www.suse.com/security/cve/CVE-2021-30614
https://www.suse.com/security/cve/CVE-2021-30615
https://www.suse.com/security/cve/CVE-2021-30616
https://www.suse.com/security/cve/CVE-2021-30617
https://www.suse.com/security/cve/CVE-2021-30618
https://www.suse.com/security/cve/CVE-2021-30619
https://www.suse.com/security/cve/CVE-2021-30620
https://www.suse.com/security/cve/CVE-2021-30621
https://www.suse.com/security/cve/CVE-2021-30622
Plugin Details
Severity: High
ID: 153669
File Name: openSUSE-2021-1310.nasl
Version: 1.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/26/2021
Updated: 10/7/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-30624
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 9/25/2021
Vulnerability Publication Date: 8/31/2021
Reference Information
CVE: CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624
IAVA: 2021-A-0401-S