opensuse-su-2019:2664-1
Vulnerability from csaf_opensuse
Published
2019-12-10 07:30
Modified
2019-12-10 07:30
Summary
Security update for opera

Notes

Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues: Opera was updated to version 65.0.3467.62 - CHR-7658 Update chromium on desktop-stable-78-3467 to 78.0.3904.108 - DNA-81387 Remove support for old bundle structure in signing scripts - DNA-81675 Update widevine signature localisation in signed packages - DNA-81884 [Advanced content blocking] Ads are blocked for whitelisted page in Incognito - DNA-82230 [Mac] URL is not correctly aligned when the Geolocation is ON - DNA-82368 Generating diffs for unsinged packages doesn’t work - DNA-82414 Wrong number of trackers displayed just after deactivating adblocker - DNA-82470 [Linux] Snap package doesn’t recognise GNOME 3.24 platform snap connection - DNA-82473 https://www.nba.com/standings not working with AdBlocker enabled - DNA-82484 Update content blocking icon - DNA-82485 [Mac 10.15] Opera installer error at the end of installation process - DNA-82508 [Adblocker] Predefault lists can not be unchecked - DNA-82557 Address bar dropdown launches HTTP GETs for every autocomplete - DNA-82596 Do not block first-party ‘trackers’ - DNA-82616 Settings – Tracker Blocker – Add “Learn more” link - DNA-82626 [Win] High CPU usage due to media indicator animation - DNA-82647 Tab icons mixed after Tab closing - DNA-82742 Pages won’t load after closing private mode - DNA-82768 Mark also the reference group in “exp” header for DNA-81658 - DNA-82840 Disable favicon fetching for typed URLs Complete Opera 65.0 changelog at: https://blogs.opera.com/desktop/changelog-for-65/ Update to version 64.0.3417.92 - DNA-81358 Wrong key color on extension popup in dark mode - DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720 Update to version 64.0.3417.83 - DNA-79676 Use FFmpegDemuxer to demux ADTS - DNA-81010 Spinner takes a lot of cpu - DNA-81385 Keys on some popups in dark mode can’t be hovered - DNA-81494 [Mac] Snap onboarding doesn’t appear while the icon still flashes - DNA-82003 Restore legacy path for AudioFileReader - DNA-82019 Enable #ffmpeg-demuxer-everywhere by default in developer - DNA-82028 Enable #ffmpeg-demuxer-everywhere by default in stable on macOS Update to version 64.0.3417.73 - CHR-7598 Update chromium on desktop-stable-77-3417 to 77.0.3865.120 - DNA-80049 The upper border of “Add to bookmarks bar” popup is cut off in white mode - DNA-80395 Menu popup borders in Settings are invisible in Dark mode - DNA-81263 Change the continue section buttons visibility as in description - DNA-81304 Crash at chrome::NewTab(Browser*) - DNA-81650 Easy Setup Style looks weird - DNA-81708 Missing dependency on //chrome/common:buildflags - DNA-81732 [Mac][Catalina] Cannot maximize a window after it’s been minimized - DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts - DNA-81753 Pinned tab only remembered after next restart - DNA-81769 Investigate reports about slow speed dial loading in O64 blog comments - DNA-81859 [Mac 10.15] Crash whenever navigating to any page - DNA-81893 Get Personalised news on SpeedDials broken layout Update to version 64.0.3417.61 - DNA-80760 Sidebar Messenger icon update - DNA-81165 Remove sharing service - DNA-81211 [Advanced content blocking] Can not turn off ad blocking in private mode - DNA-81323 content_filter::RendererConfigProvider destroyed on wrong sequence - DNA-81487 [VPN disclaimer][da, ta] Text should be multiline - DNA-81545 opr-session entry for Google ads not working - DNA-81580 Speed dials’ colours change after Opera update - DNA-81597 [Adblocker] Google Ads link hides if clicking - DNA-81639 Widevine verification status is PLATFORM_TAMPERED - DNA-81237 [Advanced content blocking] noCoinis not enabled by default - DNA-81375 Adblocking_AddToWhitelist_Popup and Adblocking_RemoveFromWhitelist_Popup metric not recorded in stats - DNA-81413 Error in console when Start Page connects to My Flow - DNA-81435 Adjust VPN disclaimer to longer strings [de] Update to version 64.0.3417.47 - DNA-80531 [Reborn3] Unify Switches - DNA-80738 “How to protect my privacy” link - DNA-81162 Enable #advanced-content-blocking on developer stream - DNA-81202 Privacy Protection popup doesn’t resize after enabling blockers - DNA-81230 [Mac] Drop support for 10.10 - DNA-81280 Adjust button width to the shorter string - DNA-81295 Opera 64 translations - DNA-81346 Enable #advanced-content-blocking on all streams - DNA-81434 Turn on #new-vpn-flow in all streams - DNA-81436 Import translations from Chromium to O64 - DNA-81460 Promote O64 to stable - DNA-81461 Snap onboarding is cut - DNA-81467 Integrate missing translations (Chinese, MS and TL) to O64/65 - DNA-81489 Start page goes into infinite loop Complete Opera 64.0 changelog at: https://blogs.opera.com/desktop/changelog-for-64/ Update to version 63.0.3368.94 - CHR-7516 Update chromium on master to 78.0.3887.7 - DNA-80966 [Linux] Integrate a new key into our packages Update to version 63.0.3368.88 - DNA-79103 Saving link to bookmarks saves it to Other bookmarks folder - DNA-79455 Crash at views::MenuController:: FindNextSelectableMenuItem(views::MenuItemView*, int, views:: MenuController::SelectionIncrementDirectionType, bool) - DNA-79579 Continuous packages using new_mac_bundle_structure do not run - DNA-79611 Update opauto_paths.py:GetResourcesDir - DNA-79621 Add support for new bundle structure to old autoupdate clients - DNA-79906 Fix package build - DNA-80131 Sign Opera Helper(GPU).app - DNA-80191 Fix opera_components/tracking_data/tracking_data_paths.cc - DNA-80638 Cherry-pick fix for CreditCardTest. UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSameName - DNA-80801 Very slow tab deletion process
Patchnames
openSUSE-2019-2664
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for opera",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for opera fixes the following issues:\n\nOpera was updated to version 65.0.3467.62\n\n- CHR-7658 Update chromium on desktop-stable-78-3467 \n  to 78.0.3904.108\n- DNA-81387 Remove support for old bundle structure \n  in signing scripts\n- DNA-81675 Update widevine signature localisation in \n  signed packages\n- DNA-81884 [Advanced content blocking] Ads are blocked \n  for whitelisted page in Incognito\n- DNA-82230 [Mac] URL is not correctly aligned when \n  the Geolocation is ON\n- DNA-82368 Generating diffs for unsinged packages doesn\u2019t work\n- DNA-82414 Wrong number of trackers displayed just after \n  deactivating adblocker\n- DNA-82470 [Linux] Snap package doesn\u2019t recognise GNOME 3.24 \n  platform snap connection\n- DNA-82473 https://www.nba.com/standings not working with \n  AdBlocker enabled\n- DNA-82484 Update content blocking icon\n- DNA-82485 [Mac 10.15] Opera installer error at the end of \n  installation process\n- DNA-82508 [Adblocker] Predefault lists can not be unchecked\n- DNA-82557 Address bar dropdown launches HTTP GETs for \n  every autocomplete\n- DNA-82596 Do not block first-party \u2018trackers\u2019\n- DNA-82616 Settings \u2013 Tracker Blocker \u2013 Add \u201cLearn more\u201d link\n- DNA-82626 [Win] High CPU usage due to media indicator animation\n- DNA-82647 Tab icons mixed after Tab closing\n- DNA-82742 Pages won\u2019t load after closing private mode\n- DNA-82768 Mark also the reference group in \u201cexp\u201d header \n  for DNA-81658\n- DNA-82840 Disable favicon fetching for typed URLs\n\nComplete Opera 65.0 changelog at:\n\n  https://blogs.opera.com/desktop/changelog-for-65/\n\nUpdate to version 64.0.3417.92\n\n- DNA-81358 Wrong key color on extension popup in dark mode\n- DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720\n\nUpdate to version 64.0.3417.83\n\n- DNA-79676 Use FFmpegDemuxer to demux ADTS\n- DNA-81010 Spinner takes a lot of cpu\n- DNA-81385 Keys on some popups in dark mode can\u2019t be hovered\n- DNA-81494 [Mac] Snap onboarding doesn\u2019t appear while \n  the icon still flashes\n- DNA-82003 Restore legacy path for AudioFileReader\n- DNA-82019 Enable #ffmpeg-demuxer-everywhere by default \n    in developer\n- DNA-82028 Enable #ffmpeg-demuxer-everywhere by default \n  in stable on macOS\n\nUpdate to version 64.0.3417.73\n\n- CHR-7598 Update chromium on desktop-stable-77-3417 \n  to 77.0.3865.120\n- DNA-80049 The upper border of \u201cAdd to bookmarks bar\u201d popup \n  is cut off in white mode\n- DNA-80395 Menu popup borders in Settings are invisible\n  in Dark mode\n- DNA-81263 Change the continue section buttons visibility \n  as in description\n- DNA-81304 Crash at chrome::NewTab(Browser*)\n- DNA-81650 Easy Setup Style looks weird\n- DNA-81708 Missing dependency on //chrome/common:buildflags\n- DNA-81732 [Mac][Catalina] Cannot maximize a window\n  after it\u2019s been minimized\n- DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts\n- DNA-81753 Pinned tab only remembered after next restart\n- DNA-81769 Investigate reports about slow speed dial loading\n  in O64 blog comments\n- DNA-81859 [Mac 10.15] Crash whenever navigating to any page\n- DNA-81893 Get Personalised news on SpeedDials broken layout\n\nUpdate to version 64.0.3417.61\n\n- DNA-80760 Sidebar Messenger icon update\n- DNA-81165 Remove sharing service\n- DNA-81211 [Advanced content blocking] Can not turn off \n  ad blocking in private mode\n- DNA-81323 content_filter::RendererConfigProvider destroyed \n  on wrong sequence\n- DNA-81487 [VPN disclaimer][da, ta] Text should be multiline\n- DNA-81545 opr-session entry for Google ads not working\n- DNA-81580 Speed dials\u2019 colours change after Opera update\n- DNA-81597 [Adblocker] Google Ads link hides if clicking\n- DNA-81639 Widevine verification status is PLATFORM_TAMPERED\n- DNA-81237 [Advanced content blocking] noCoinis \n  not enabled by default\n- DNA-81375 Adblocking_AddToWhitelist_Popup and \n  Adblocking_RemoveFromWhitelist_Popup metric not recorded \n  in stats\n- DNA-81413 Error in console when Start Page connects to My Flow\n- DNA-81435 Adjust VPN disclaimer to longer strings [de]\n\nUpdate to version 64.0.3417.47\n\n- DNA-80531 [Reborn3] Unify Switches\n- DNA-80738 \u201cHow to protect my privacy\u201d link\n- DNA-81162 Enable #advanced-content-blocking\n  on developer stream\n- DNA-81202 Privacy Protection popup doesn\u2019t resize after\n  enabling blockers\n- DNA-81230 [Mac] Drop support for 10.10\n- DNA-81280 Adjust button width to the shorter string\n- DNA-81295 Opera 64 translations\n- DNA-81346 Enable #advanced-content-blocking on all streams\n- DNA-81434 Turn on #new-vpn-flow in all streams\n- DNA-81436 Import translations from Chromium to O64\n- DNA-81460 Promote O64 to stable\n- DNA-81461 Snap onboarding is cut\n- DNA-81467 Integrate missing\n  translations (Chinese, MS and TL) to O64/65\n- DNA-81489 Start page goes into infinite loop\n\nComplete Opera 64.0 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-64/\n\nUpdate to version 63.0.3368.94\n\n- CHR-7516 Update chromium on master to 78.0.3887.7\n- DNA-80966 [Linux] Integrate a new key into our packages\n\nUpdate to version 63.0.3368.88\n\n- DNA-79103 Saving link to bookmarks saves it to Other \n  bookmarks folder\n- DNA-79455 Crash at views::MenuController::\n  FindNextSelectableMenuItem(views::MenuItemView*, int, views::\n  MenuController::SelectionIncrementDirectionType, bool)\n- DNA-79579 Continuous packages using \n  new_mac_bundle_structure do not run\n- DNA-79611 Update opauto_paths.py:GetResourcesDir\n- DNA-79621 Add support for new bundle structure to old \n  autoupdate clients\n- DNA-79906 Fix package build\n- DNA-80131 Sign Opera Helper(GPU).app\n- DNA-80191 Fix \n  opera_components/tracking_data/tracking_data_paths.cc\n- DNA-80638 Cherry-pick fix for CreditCardTest.\n  UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSameName\n- DNA-80801 Very slow tab deletion process\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-2664",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2664-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:2664-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM/#ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:2664-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM/#ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13720 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13721 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13721/"
      }
    ],
    "title": "Security update for opera",
    "tracking": {
      "current_release_date": "2019-12-10T07:30:16Z",
      "generator": {
        "date": "2019-12-10T07:30:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:2664-1",
      "initial_release_date": "2019-12-10T07:30:16Z",
      "revision_history": [
        {
          "date": "2019-12-10T07:30:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "opera-65.0.3467.62-lp151.2.9.1.x86_64",
                "product": {
                  "name": "opera-65.0.3467.62-lp151.2.9.1.x86_64",
                  "product_id": "opera-65.0.3467.62-lp151.2.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1 NonFree",
                "product": {
                  "name": "openSUSE Leap 15.1 NonFree",
                  "product_id": "openSUSE Leap 15.1 NonFree",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "opera-65.0.3467.62-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1 NonFree",
          "product_id": "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
        },
        "product_reference": "opera-65.0.3467.62-lp151.2.9.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1 NonFree"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13720",
          "url": "https://www.suse.com/security/cve/CVE-2019-13720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1155643 for CVE-2019-13720",
          "url": "https://bugzilla.suse.com/1155643"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-12-10T07:30:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-13720"
    },
    {
      "cve": "CVE-2019-13721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13721",
          "url": "https://www.suse.com/security/cve/CVE-2019-13721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1155643 for CVE-2019-13721",
          "url": "https://bugzilla.suse.com/1155643"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-12-10T07:30:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-13721"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.