openSUSE Security Update : opera (openSUSE-2020-1952)

High Nessus Plugin ID 143001

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 10

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Opera was updated to version 72.0.3815.320

- CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183

- DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions

- DNA-89766 Address bar does not respond to actions

- The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011

- Update to version 72.0.3815.200

- DNA-87150 Speed Dial tile can’t be dragged to proper place

- DNA-89632 Improve hovering over icons

- DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section

- DNA-89791 Typo in Spanish

- The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003

- Complete Opera 72.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-72/

- Update to version 71.0.3770.271

- DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool)

- DNA-89177 Device update request should only be called when FCM token has changed

- DNA-89186 Handle device expired case in all server calls

- DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX

- DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden

- DNA-89298 Some elements of VPN popup are misaligned to design

- DNA-89305 Crash after closing Downloads pop-up

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-72/

Plugin Details

Severity: High

ID: 143001

File Name: openSUSE-2020-1952.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/11/18

Updated: 2020/11/20

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 10

CVSS Score Source: CVE-2020-16011

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 10

Temporal Score: 9.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.1, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/11/17

Vulnerability Publication Date: 2020/11/03

Reference Information

CVE: CVE-2020-15999, CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-16003, CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011