openSUSE Security Update : opera (openSUSE-2019-2664)

high Nessus Plugin ID 131922
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Opera was updated to version 65.0.3467.62

- CHR-7658 Update chromium on desktop-stable-78-3467 to 78.0.3904.108

- DNA-81387 Remove support for old bundle structure in signing scripts

- DNA-81675 Update widevine signature localisation in signed packages

- DNA-81884 [Advanced content blocking] Ads are blocked for whitelisted page in Incognito

- DNA-82230 [Mac] URL is not correctly aligned when the Geolocation is ON

- DNA-82368 Generating diffs for unsinged packages doesn’t work

- DNA-82414 Wrong number of trackers displayed just after deactivating adblocker

- DNA-82470 [Linux] Snap package doesn’t recognise GNOME 3.24 platform snap connection

- DNA-82473 https://www.nba.com/standings not working with AdBlocker enabled

- DNA-82484 Update content blocking icon

- DNA-82485 [Mac 10.15] Opera installer error at the end of installation process

- DNA-82508 [Adblocker] Predefault lists can not be unchecked

- DNA-82557 Address bar dropdown launches HTTP GETs for every autocomplete

- DNA-82596 Do not block first-party ‘trackers’

- DNA-82616 Settings – Tracker Blocker – Add “Learn more” link

- DNA-82626 [Win] High CPU usage due to media indicator animation

- DNA-82647 Tab icons mixed after Tab closing

- DNA-82742 Pages won’t load after closing private mode

- DNA-82768 Mark also the reference group in “exp” header for DNA-81658

- DNA-82840 Disable favicon fetching for typed URLs

Complete Opera 65.0 changelog at :

https://blogs.opera.com/desktop/changelog-for-65/

Update to version 64.0.3417.92

- DNA-81358 Wrong key color on extension popup in dark mode

- DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720

Update to version 64.0.3417.83

- DNA-79676 Use FFmpegDemuxer to demux ADTS

- DNA-81010 Spinner takes a lot of cpu

- DNA-81385 Keys on some popups in dark mode can’t be hovered

- DNA-81494 [Mac] Snap onboarding doesn’t appear while the icon still flashes

- DNA-82003 Restore legacy path for AudioFileReader

- DNA-82019 Enable #ffmpeg-demuxer-everywhere by default in developer

- DNA-82028 Enable #ffmpeg-demuxer-everywhere by default in stable on macOS

Update to version 64.0.3417.73

- CHR-7598 Update chromium on desktop-stable-77-3417 to 77.0.3865.120

- DNA-80049 The upper border of “Add to bookmarks bar” popup is cut off in white mode

- DNA-80395 Menu popup borders in Settings are invisible in Dark mode

- DNA-81263 Change the continue section buttons visibility as in description

- DNA-81304 Crash at chrome::NewTab(Browser*)

- DNA-81650 Easy Setup Style looks weird

- DNA-81708 Missing dependency on //chrome/common:buildflags

- DNA-81732 [Mac][Catalina] Cannot maximize a window after it’s been minimized

- DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts

- DNA-81753 Pinned tab only remembered after next restart

- DNA-81769 Investigate reports about slow speed dial loading in O64 blog comments

- DNA-81859 [Mac 10.15] Crash whenever navigating to any page

- DNA-81893 Get Personalised news on SpeedDials broken layout

Update to version 64.0.3417.61

- DNA-80760 Sidebar Messenger icon update

- DNA-81165 Remove sharing service

- DNA-81211 [Advanced content blocking] Can not turn off ad blocking in private mode

- DNA-81323 content_filter::RendererConfigProvider destroyed on wrong sequence

- DNA-81487 [VPN disclaimer][da, ta] Text should be multiline

- DNA-81545 opr-session entry for Google ads not working

- DNA-81580 Speed dials’ colours change after Opera update

- DNA-81597 [Adblocker] Google Ads link hides if clicking

- DNA-81639 Widevine verification status is PLATFORM_TAMPERED

- DNA-81237 [Advanced content blocking] noCoinis not enabled by default

- DNA-81375 Adblocking_AddToWhitelist_Popup and Adblocking_RemoveFromWhitelist_Popup metric not recorded in stats

- DNA-81413 Error in console when Start Page connects to My Flow

- DNA-81435 Adjust VPN disclaimer to longer strings [de]

Update to version 64.0.3417.47

- DNA-80531 [Reborn3] Unify Switches

- DNA-80738 “How to protect my privacy” link

- DNA-81162 Enable #advanced-content-blocking on developer stream

- DNA-81202 Privacy Protection popup doesn’t resize after enabling blockers

- DNA-81230 [Mac] Drop support for 10.10

- DNA-81280 Adjust button width to the shorter string

- DNA-81295 Opera 64 translations

- DNA-81346 Enable #advanced-content-blocking on all streams

- DNA-81434 Turn on #new-vpn-flow in all streams

- DNA-81436 Import translations from Chromium to O64

- DNA-81460 Promote O64 to stable

- DNA-81461 Snap onboarding is cut

- DNA-81467 Integrate missing translations (Chinese, MS and TL) to O64/65

- DNA-81489 Start page goes into infinite loop

Complete Opera 64.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-64/

Update to version 63.0.3368.94

- CHR-7516 Update chromium on master to 78.0.3887.7

- DNA-80966 [Linux] Integrate a new key into our packages

Update to version 63.0.3368.88

- DNA-79103 Saving link to bookmarks saves it to Other bookmarks folder

- DNA-79455 Crash at views::MenuController::
FindNextSelectableMenuItem(views::MenuItemView*, int, views:: MenuController::SelectionIncrementDirectionType, bool)

- DNA-79579 Continuous packages using new_mac_bundle_structure do not run

- DNA-79611 Update opauto_paths.py:GetResourcesDir

- DNA-79621 Add support for new bundle structure to old autoupdate clients

- DNA-79906 Fix package build

- DNA-80131 Sign Opera Helper(GPU).app

- DNA-80191 Fix opera_components/tracking_data/tracking_data_paths.cc

- DNA-80638 Cherry-pick fix for CreditCardTest.
UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSam eName

- DNA-80801 Very slow tab deletion process

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-64/

https://blogs.opera.com/desktop/changelog-for-65/

https://codesandbox.io/s/vanilla-ts

https://www.nba.com/standings

Plugin Details

Severity: High

ID: 131922

File Name: openSUSE-2019-2664.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/10/2019

Updated: 1/29/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/10/2019

Vulnerability Publication Date: 11/25/2019

Reference Information

CVE: CVE-2019-13720, CVE-2019-13721