Detections
Analytics

openSUSE Security Update : opera (openSUSE-2019-2664)

high Nessus Plugin ID 131922

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Opera was updated to version 65.0.3467.62

 - CHR-7658 Update chromium on desktop-stable-78-3467 to 78.0.3904.108

 - DNA-81387 Remove support for old bundle structure in signing scripts

 - DNA-81675 Update widevine signature localisation in signed packages

 - DNA-81884 [Advanced content blocking] Ads are blocked for whitelisted page in Incognito

 - DNA-82230 [Mac] URL is not correctly aligned when the Geolocation is ON

 - DNA-82368 Generating diffs for unsinged packages doesn’t work

 - DNA-82414 Wrong number of trackers displayed just after deactivating adblocker

 - DNA-82470 [Linux] Snap package doesn’t recognise GNOME 3.24 platform snap connection

 - DNA-82473 https://www.nba.com/standings not working with AdBlocker enabled

 - DNA-82484 Update content blocking icon

 - DNA-82485 [Mac 10.15] Opera installer error at the end of installation process

 - DNA-82508 [Adblocker] Predefault lists can not be unchecked

 - DNA-82557 Address bar dropdown launches HTTP GETs for every autocomplete

 - DNA-82596 Do not block first-party ‘trackers’

 - DNA-82616 Settings – Tracker Blocker – Add “Learn more” link

 - DNA-82626 [Win] High CPU usage due to media indicator animation

 - DNA-82647 Tab icons mixed after Tab closing

 - DNA-82742 Pages won’t load after closing private mode

 - DNA-82768 Mark also the reference group in “exp” header for DNA-81658

 - DNA-82840 Disable favicon fetching for typed URLs

Complete Opera 65.0 changelog at :

https://blogs.opera.com/desktop/changelog-for-65/

Update to version 64.0.3417.92

 - DNA-81358 Wrong key color on extension popup in dark mode

 - DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720

Update to version 64.0.3417.83

 - DNA-79676 Use FFmpegDemuxer to demux ADTS

 - DNA-81010 Spinner takes a lot of cpu

 - DNA-81385 Keys on some popups in dark mode can’t be hovered

 - DNA-81494 [Mac] Snap onboarding doesn’t appear while the icon still flashes

 - DNA-82003 Restore legacy path for AudioFileReader

 - DNA-82019 Enable #ffmpeg-demuxer-everywhere by default in developer

 - DNA-82028 Enable #ffmpeg-demuxer-everywhere by default in stable on macOS

Update to version 64.0.3417.73

 - CHR-7598 Update chromium on desktop-stable-77-3417 to 77.0.3865.120

 - DNA-80049 The upper border of “Add to bookmarks bar” popup is cut off in white mode

 - DNA-80395 Menu popup borders in Settings are invisible in Dark mode

 - DNA-81263 Change the continue section buttons visibility as in description

 - DNA-81304 Crash at chrome::NewTab(Browser*)

 - DNA-81650 Easy Setup Style looks weird

 - DNA-81708 Missing dependency on //chrome/common:buildflags

 - DNA-81732 [Mac][Catalina] Cannot maximize a window after it’s been minimized

 - DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts

 - DNA-81753 Pinned tab only remembered after next restart

 - DNA-81769 Investigate reports about slow speed dial loading in O64 blog comments

 - DNA-81859 [Mac 10.15] Crash whenever navigating to any page

 - DNA-81893 Get Personalised news on SpeedDials broken layout

Update to version 64.0.3417.61

 - DNA-80760 Sidebar Messenger icon update

 - DNA-81165 Remove sharing service

 - DNA-81211 [Advanced content blocking] Can not turn off ad blocking in private mode

 - DNA-81323 content_filter::RendererConfigProvider destroyed on wrong sequence

 - DNA-81487 [VPN disclaimer][da, ta] Text should be multiline

 - DNA-81545 opr-session entry for Google ads not working

 - DNA-81580 Speed dials’ colours change after Opera update

 - DNA-81597 [Adblocker] Google Ads link hides if clicking

 - DNA-81639 Widevine verification status is PLATFORM_TAMPERED

 - DNA-81237 [Advanced content blocking] noCoinis not enabled by default

 - DNA-81375 Adblocking_AddToWhitelist_Popup and Adblocking_RemoveFromWhitelist_Popup metric not recorded in stats

 - DNA-81413 Error in console when Start Page connects to My Flow

 - DNA-81435 Adjust VPN disclaimer to longer strings [de]

Update to version 64.0.3417.47

 - DNA-80531 [Reborn3] Unify Switches

 - DNA-80738 “How to protect my privacy” link

 - DNA-81162 Enable #advanced-content-blocking on developer stream

 - DNA-81202 Privacy Protection popup doesn’t resize after enabling blockers

 - DNA-81230 [Mac] Drop support for 10.10

 - DNA-81280 Adjust button width to the shorter string

 - DNA-81295 Opera 64 translations

 - DNA-81346 Enable #advanced-content-blocking on all streams

 - DNA-81434 Turn on #new-vpn-flow in all streams

 - DNA-81436 Import translations from Chromium to O64

 - DNA-81460 Promote O64 to stable

 - DNA-81461 Snap onboarding is cut

 - DNA-81467 Integrate missing translations (Chinese, MS and TL) to O64/65

 - DNA-81489 Start page goes into infinite loop

Complete Opera 64.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-64/

Update to version 63.0.3368.94

 - CHR-7516 Update chromium on master to 78.0.3887.7

 - DNA-80966 [Linux] Integrate a new key into our packages

Update to version 63.0.3368.88

 - DNA-79103 Saving link to bookmarks saves it to Other bookmarks folder

 - DNA-79455 Crash at views::MenuController::
 FindNextSelectableMenuItem(views::MenuItemView*, int, views:: MenuController::SelectionIncrementDirectionType, bool)

 - DNA-79579 Continuous packages using new_mac_bundle_structure do not run

 - DNA-79611 Update opauto_paths.py:GetResourcesDir

 - DNA-79621 Add support for new bundle structure to old autoupdate clients

 - DNA-79906 Fix package build

 - DNA-80131 Sign Opera Helper(GPU).app

 - DNA-80191 Fix opera_components/tracking_data/tracking_data_paths.cc

 - DNA-80638 Cherry-pick fix for CreditCardTest.
 UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSam eName

 - DNA-80801 Very slow tab deletion process

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-64/

https://blogs.opera.com/desktop/changelog-for-65/

https://codesandbox.io/s/vanilla-ts

https://www.nba.com/standings

Plugin Details

Severity: High

ID: 131922

File Name: openSUSE-2019-2664.nasl

Version: 1.7

Type: local

Agent: unix

Published: 12/10/2019

Updated: 12/5/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-13721

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/10/2019

Vulnerability Publication Date: 11/25/2019

CISA Known Exploited Vulnerability Due Dates: 6/13/2022

Reference Information

CVE: CVE-2019-13720, CVE-2019-13721