openSUSE Security Update : opera (openSUSE-2021-413)

high Nessus Plugin ID 148839
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

- Update to version 74.0.3911.203

- CHR-8324 Update chromium on desktop-stable-88-3911 to 88.0.4324.182(boo#1182358)

- DNA-90762 Replace “Don’t show again”
with “Discard”

- DNA-90974 Crash at opera::PersistentRecentlyClosedWindows::GetEntryType(Ses sionID)

- DNA-91289 [Search tabs] Wrong tab stays highlighted after removing another tab

- DNA-91476 Invalid memory dereference PlayerServiceBrowsertest

- DNA-91502 Change system name on opera://about page for MacOS

- DNA-91740 Missing title in Extensions Toolbar Menu

- The update to chromium 88.0.4324.182 fixes following issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157

- Update to version 74.0.3911.160

- DNA-90409 Cleanup JavaScript dialogs: app modal & tab modal

- DNA-90720 [Search Tabs] Allow discarding recently closed items

- DNA-90802 [Windows] Debug fails on linking

- DNA-91130 heap-use-after-free in CashbackBackendServiceTest.AutoUpdateSchedule

- DNA-91152 Allow reading agent variables in trigger conditions

- DNA-91225 [Search tabs] The webpage doesn’t move from “Open tabs” to “Recently closed” section

- DNA-91243 Add Rich Hint support for the cashback badge and popup

- DNA-91483 component_unittests are timing out

- DNA-91516 Sidebar setup opens only with cashback enabled

- DNA-91601 No text in 1st line of address bar dropdown suggestions

- DNA-91603 Jumbo build problem on desktop-stable-88-3911

Solution

Update the affected opera package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1182358

Plugin Details

Severity: High

ID: 148839

File Name: openSUSE-2021-413.nasl

Version: 1.5

Type: local

Agent: unix

Published: 4/20/2021

Updated: 11/30/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2021-21157

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2021

Vulnerability Publication Date: 2/9/2021

Reference Information

CVE: CVE-2021-21148, CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157