openSUSE Security Update : opera (openSUSE-2020-1713)

High Nessus Plugin ID 141905

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9.2

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

opera was updated to version 71.0.3770.228

- DNA-87466 Hide extensions icon is black in dark theme

- DNA-88580 Implement search_in_tabs telemetry benchmark

- DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL

- DNA-88693 Random crash in SmartFilesBrowserTest

- DNA-88793 change VPN disclaimer modal layout

- DNA-88799 Only active workspaces and active messengers should be listed in keyboard shortcuts settings

- DNA-88838 add automatic VPN connection preference setting

- DNA-88870 Align VPN popup to new design

- DNA-88900 Turn off Tutorials in Opera GX –
implementation

- DNA-88931 Add info about channel and product (OPR, OPRGX) to rollout requests

- DNA-88940 Allow continue-shopping|booking-host-override switch to handle host and path

- DNA-88946 Auto-connect VPN after browser startup only for existing VPN users

- DNA-89009 Change URL for search-suggestions

- DNA-89021 Make RH test driver pack to a separate archive

- DNA-89150 Unhardcode ‘From’ and ‘To’ strings in Advanced History Search

- DNA-89175 Desktop without a flow paring should not initialize in browser startup

Opera was updated to version 71.0.3770.198

- CHR-8106 Update chromium on desktop-stable-85-3770 to 85.0.4183.121

- DNA-85648 Reconnecting Flow with iOS is unstable

- DNA-87130 Spinner is stretched instead of clipped

- DNA-87989 In Find in Page, “No matches”
doesn’t go away after deleting all text

- DNA-88098 Data URLs entries should not open new tab after click on new history page

- DNA-88267 Extra semicolon in Russian BABE translation

- DNA-88312 [Win] Downloads file drag and drop doesn’t work in Opera

- DNA-88363 Add premium extension functionality

- DNA-88580 Implement search_in_tabs telemetry benchmark

- DNA-88611 Black font on a dark background in sync login dialog

- DNA-88626 Disable #easy-files on desktop-stable-85-xxxx

- DNA-88701 String “Type a shortcut” is hardcoded

- DNA-88755 Crash at extensions::WebstoreOneClickInstallerUIImpl::
RemoveAllInfobarsExcept(opera::ExtensionInstallInfoBarDe legate*)

- DNA-88797 Change ‘Register’ to ‘Tab’ in German

- DNA-88851 [History][Resized window] Button and date input look bad

- DNA-88958 Crash at net::`anonymous namespace”::Escape

- The update to chromium 85.0.4183.121 fixes following issues :

- CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15965, CVE-2020-15966, CVE-2020-15964

- Update to version 71.0.3770.148

- CHR-8091 Update chromium on desktop-stable-85-3770 to 85.0.4183.102

- DNA-87785 [Mac] “Alitools” text in extension toolbar overlaps Install button

- DNA-87935 Make SSD smaller by 25%

- DNA-87963 Hidden Avira extension in avira_2 edition

- DNA-88015 [MyFlow] Desktop doesn’t show itself in devices list

- DNA-88469 Add context menu options to configure shortcuts

- DNA-88496 Define a/b test in ab_tests.json

- DNA-88537 Don’t filter out hashes from feature reference groups coming from rollout

- DNA-88580 Implement search_in_tabs telemetry benchmark

- DNA-88604 [History panel] Search bar covers the “Clear browsing data” button

- DNA-88619 String ‘Download complete’ is cut on download popup

- DNA-88645 Remove option should not be available for last workspace

- DNA-88718 [History panel] fix delete button overflow issue

- The update to chromium 85.0.4183.102 fixes following issues :

- CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959

- Complete Opera 71.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-71/

- Update to version 70.0.3728.144

- CHR-8057 Update chromium on desktop-stable-84-3728 to 84.0.4147.135

- DNA-88027 [Mac] Downloads icon disappears when downloads popup is shown

- DNA-88204 Crash at opera::DownloadItemView::OnMousePressed (ui::MouseEvent const&)

- The update to chromium 84.0.4147.135 fixes following issues :

- CVE-2020-6556

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-71/

Plugin Details

Severity: High

ID: 141905

File Name: openSUSE-2020-1713.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/10/26

Updated: 2020/10/28

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9.2

CVSS Score Source: CVE-2020-6556

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.1, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/10/23

Vulnerability Publication Date: 2020/09/21

Reference Information

CVE: CVE-2020-15959, CVE-2020-15960, CVE-2020-15961, CVE-2020-15962, CVE-2020-15963, CVE-2020-15964, CVE-2020-15965, CVE-2020-15966, CVE-2020-6556, CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576