openSUSE Security Update : opera (openSUSE-2021-139)

high Nessus Plugin ID 145306
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 9.9

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

- Update to version 73.0.3856.344

- CHR-8265 Update chromium on desktop-stable-87-3856 to 87.0.4280.141

- DNA-90625 [Mac] Crash at opera::TabView::
GetPaintData(opera::TabState) const

- DNA-90735 Crash at opera::BrowserSidebarModel::GetItemVisible (opera::BrowserSidebarItem const*) const

- DNA-90780 Crash at extensions::CommandService::GetExtension ActionCommand(std::__1::basic_string const&, extensions:: ActionInfo::Type, extensions::CommandService::QueryType, extensions::Command*, bool*)

- DNA-90821 Crash at opera::BrowserSidebarController::
Action(opera::BrowserSidebarItem const*, opera::BrowserSidebarItemContentView*)

- The update to chromium 87.0.4280.141 fixes following issues: CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2020-16043, CVE-2021-21114, CVE-2020-15995, CVE-2021-21115, CVE-2021-21116

- Update to version 73.0.3856.329

- DNA-89156 Crash at content::RenderViewHostImpl::OnFocus()

- DNA-89731 [Mac] Bookmarks bar overlaps Babe section when hovering the OMenu

- DNA-90189 Music service portal logotypes are blurred on Win

- DNA-90336 add session data schema

- DNA-90399 Address bar dropdown suggestions overlap each other

- DNA-90520 Crash at absl::raw_logging_internal::RawLog(absl:: LogSeverity, char const*, int, char const*, …)

- DNA-90538 Crash at extensions::CommandService::
GetExtensionActionCommand(std::__1::basic_string const&, extensions::ActionInfo::Type, extensions::CommandService:: QueryType, extensions::Command*, bool*)

- DNA-90600 Don’t report workspace visibility, when functionality is disabled.

- DNA-90665 Collect music service statistics WP2

- DNA-90773 Bad translation from english to spanish in UI

- DNA-90789 Crash at opera::ThumbnailHelper::RunNextRequest()

Solution

Update the affected opera package.

Plugin Details

Severity: High

ID: 145306

File Name: openSUSE-2021-139.nasl

Version: 1.2

Type: local

Agent: unix

Published: 1/25/2021

Updated: 2/2/2021

Risk Information

Risk Factor: High

VPR Score: 9.9

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2021

Vulnerability Publication Date: 11/3/2020

Reference Information

CVE: CVE-2020-15995, CVE-2020-16043, CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021-21114, CVE-2021-21115, CVE-2021-21116