openSUSE Security Update : opera (openSUSE-2021-712)

critical Nessus Plugin ID 150103
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Update to version 76.0.4017.94

- released on the stable branch

Update to version 76.0.4017.88

- CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85

- DNA-92219 Add bookmark API supports to the front-end

- DNA-92409 [MAC] ‘Present now’ options windows appear behind detached window

- DNA-92615 Capture tab from the tab context menu

- DNA-92616 Capture tab from Snapshot

- DNA-92617 Capture tab from image context menu

- DNA-92652 Opera 76 translations

- DNA-92680 Make image selector on any page work like bookmarks popup WP2

- DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*)

- DNA-92710 Autoupdate on macOS 11.3 not working

- DNA-92711 Make image selector on any page work like bookmarks popup WP3

- DNA-92730 Make image selector on any page work like bookmarks popup WP4

- DNA-92761 Make image selector on any page work like bookmarks popup WP5

- DNA-92776 Make image selector on any page work like bookmarks popup WP6

- DNA-92862 Make “View pinboards” button work

- DNA-92906 Provide in-house translations for Cashback strings to Spanish

- DNA-92908 API collides with oneclick installer

- The update to chromium 90.0.4430.85 fixes following issues :

- CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226

- Complete Opera 76.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-76/

Update to version 75.0.3969.218

- CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128

- DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj

- DNA-92198 [Arm] Update signing scripts

- DNA-92200 [Arm] Create universal packages from two buildsets

- DNA-92338 [Search tabs] The preview isn’t updated when the tab from another window is closed

- DNA-92410 [Download popup] Selected item still looks bad in dark mode

- DNA-92441 Compilation error

- DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz

- DNA-92608 Opera 75 crash during rapid workspace switching

- DNA-92627 Crash at automation::Error::code()

- DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem iumExtensionFeatureEnabled()

- DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button

- DNA-92681 Add missing string in Japanese

- DNA-92684 Fix issues with signing multiple bsids

- DNA-92706 Update repack generation from universal packages

- DNA-92725 Enable IPFS for all channels

- The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220

Solution

Update the affected opera package.

See Also

https://blogs.opera.com/desktop/changelog-for-76/

Plugin Details

Severity: Critical

ID: 150103

File Name: openSUSE-2021-712.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/1/2021

Updated: 6/3/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:opera, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2021

Vulnerability Publication Date: 4/26/2021

Exploitable With

Metasploit (Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE)

Reference Information

CVE: CVE-2021-21206, CVE-2021-21220, CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226