opensuse-su-2020:2178-1
Vulnerability from csaf_opensuse
Published
2020-12-06 17:22
Modified
2020-12-06 17:22
Summary
Security update for opera
Notes
Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues:
- Update to version 72.0.3815.400
- DNA-88996 [Mac] Vertical spacing of sidebar items incorrect
- DNA-89698 [Mac] text on bookmark bar not visible when
application is not focused
- DNA-89746 Add product-name switch to Opera launcher and
installer
- DNA-89779 Implement multi-window behavior for pinned Player
- DNA-89924 Music continue to play after the disabling Player
from Sidebar
- DNA-89994 Fix progress bar shape and color
- DNA-89995 Fix font sizes, weights and colors of text in
control panel
- DNA-90010 Payment Methods in Settings mention Google account
- DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController
window:willPositionSheet:usingRect:]
- DNA-90025 Player stays in the autopause after reloading
panel – part 2
- DNA-90096 Sidebar click stat not collected for Player
- DNA-90143 Adding a stat for Player sidebar clicks to the
Avro schema
- Update to version 72.0.3815.378
- CHR-8192 Update chromium on desktop-stable-86-3815 to
86.0.4240.198
- DNA-86550 XHRUint8Array test time out
- DNA-88631 Unintended volume drop
- DNA-88708 [Snap] Inproper area snapped
- DNA-88726 [Mac] Overlay ‘pause’ icon when Opera auto-pauses
the Player
- DNA-88903 Detach video button should not be visible
- DNA-88938 Make home page reflect service configuration
- DNA-88943 Learn more link on home page doesnt work
- DNA-88944 Apple Music service slow to open
- DNA-88948 Fetch audio focus request id from MediaSession
- DNA-88949 Detach video button missing
- DNA-88966 No accessiblity titles for services icons in home page
- DNA-88967 Investigate creating a single BrowserSidebarModel
instance
- DNA-88995 Overlay “pause” is displayed when it shouldn’t
- DNA-89017 Error when signing out of YouTube Music
- DNA-89054 Audio is not resumed when muting audio in tab
- DNA-89094 DCHECK when pressing Reload button
- DNA-89095 Manage service data through PlayerService
- DNA-89100 [Player] Crash – many scenarios
- DNA-89187 Reload button doesn’t work properly
- DNA-89189 Update icons and buttons
- DNA-89217 Enable #player-service on developer stream
- DNA-89220 SidebarCarouselTests.* failing
- DNA-89230 Crash at v8::Context::Enter()
- DNA-89244 Define default widths per service
- DNA-89245 Improve Spotify logo layout in home page buttons
- DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews
::UpdatePlayerService()
- DNA-89278 [Sidebar] No notification for downloads and workspaces
- DNA-89285 [Engine] Unable to launch skype with Opera
- DNA-89292 Do not block page loads waiting for sitecheck data
- DNA-89316 Should be able to navigate directly to playerServices
section in settings
- DNA-89339 Make popup appear with tooltip-like behavior
- DNA-89340 Implement control panel looks in light and dark mode
- DNA-89341 Make the control panel buttons work
- DNA-89342 Add support for the DNA to the rollout system
- DNA-89344 Show Music Service icon in the control panel
- DNA-89360 Make ‘Settings’ menu entry go to settings
- DNA-89366 Make opera://feedback/babe attachable by the webdriver
- DNA-89419 Crash at base::Value::GetAsDictionary
(base::DictionaryValue const**) const
- DNA-89469 Autopause does not work
- DNA-89477 Do not wait with starting the player if the
interrupting session is short
- DNA-89480 Crash when hovering player panel
- DNA-89484 Crash at base::internal::CheckedObserverAdapter
::IsMarkedForRemoval()
- DNA-89489 Put control panel behind feature flag
- DNA-89514 Implement feedback button for Player
- DNA-89516 Do not auto-pause the Player when there is no sound
- DNA-89553 Make the control panel show current song
- DNA-89557 No accessibility title for rating and close buttons
inside feedback dialog
- DNA-89561 Make the control panel show artwork that represents
current track
- DNA-89575 Handle longer track and artist names
- DNA-89577 Make progress bar work correctly
- DNA-89630 Controler pop-up is too high (and service logo too)
- DNA-89634 Panel width is reset when it shouldn’t
- DNA-89654 Request higher resolution images for HiDPI
- DNA-89655 Enable #player-service-control-panel on Developer stream
- DNA-89671 No accessiblity titles for control panel elements
- DNA-89672 String change “A world of music…”
- DNA-89679 Player — don’t show control panel when Player in sidebar
is opened
- DNA-89722 Album cover arts are not visible
- DNA-89766 Address bar does not respond to actions
- DNA-89776 Control panel does not disappear after hovering elsewhere
- DNA-89778 Implement multi-window behavior when no Player is pinned
- DNA-89795 Player is enable after Opera restart
(when in Settings was turned off)
- DNA-89803 Artwork is cropped to the right
- DNA-89812 Sidebar panel should hide when toggle between windows
- DNA-89820 Incorrect music services for Philippines
- DNA-89846 Do not show the control panel if there is nothing to
show
- DNA-89878 Clarify notification dot for messengers
- DNA-89901 [Mac][Player] Zombie crash at exit
- DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews
::LoadPlayerServiceURL()
- DNA-89964 Player stays in the autopause after reloading panel
- DNA-89971 Multi window behaviour is not respected anymore
- DNA-89976 Disallow docking for Player
- DNA-89986 Enable #player-service and
#player-service-control-panel on all streams
- DNA-90006 Change services order in RU/UA/BY
- The update to chromium 86.0.4240.198 fixes following issues:
CVE-2020-16013, CVE-2020-16017
Patchnames
openSUSE-2020-2178
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\n- Update to version 72.0.3815.400\n - DNA-88996 [Mac] Vertical spacing of sidebar items incorrect\n - DNA-89698 [Mac] text on bookmark bar not visible when\n application is not focused\n - DNA-89746 Add product-name switch to Opera launcher and\n installer\n - DNA-89779 Implement multi-window behavior for pinned Player\n - DNA-89924 Music continue to play after the disabling Player\n from Sidebar\n - DNA-89994 Fix progress bar shape and color\n - DNA-89995 Fix font sizes, weights and colors of text in\n control panel\n - DNA-90010 Payment Methods in Settings mention Google account\n - DNA-90022 [Mac][BigSur] Crash at -[BrowserWindowController\n window:willPositionSheet:usingRect:]\n - DNA-90025 Player stays in the autopause after reloading\n panel \u2013 part 2\n - DNA-90096 Sidebar click stat not collected for Player\n - DNA-90143 Adding a stat for Player sidebar clicks to the\n Avro schema\n\n- Update to version 72.0.3815.378\n - CHR-8192 Update chromium on desktop-stable-86-3815 to\n 86.0.4240.198\n - DNA-86550 XHRUint8Array test time out\n - DNA-88631 Unintended volume drop\n - DNA-88708 [Snap] Inproper area snapped\n - DNA-88726 [Mac] Overlay \u2018pause\u2019 icon when Opera auto-pauses\n the Player\n - DNA-88903 Detach video button should not be visible\n - DNA-88938 Make home page reflect service configuration\n - DNA-88943 Learn more link on home page doesnt work\n - DNA-88944 Apple Music service slow to open\n - DNA-88948 Fetch audio focus request id from MediaSession\n - DNA-88949 Detach video button missing\n - DNA-88966 No accessiblity titles for services icons in home page\n - DNA-88967 Investigate creating a single BrowserSidebarModel\n instance\n - DNA-88995 Overlay \u201cpause\u201d is displayed when it shouldn\u2019t\n - DNA-89017 Error when signing out of YouTube Music\n - DNA-89054 Audio is not resumed when muting audio in tab\n - DNA-89094 DCHECK when pressing Reload button\n - DNA-89095 Manage service data through PlayerService\n - DNA-89100 [Player] Crash \u2013 many scenarios\n - DNA-89187 Reload button doesn\u2019t work properly\n - DNA-89189 Update icons and buttons\n - DNA-89217 Enable #player-service on developer stream\n - DNA-89220 SidebarCarouselTests.* failing\n - DNA-89230 Crash at v8::Context::Enter()\n - DNA-89244 Define default widths per service\n - DNA-89245 Improve Spotify logo layout in home page buttons\n - DNA-89248 Crash at opera::WebPageBrowserSidebarItemContentViewViews\n ::UpdatePlayerService()\n - DNA-89278 [Sidebar] No notification for downloads and workspaces\n - DNA-89285 [Engine] Unable to launch skype with Opera\n - DNA-89292 Do not block page loads waiting for sitecheck data\n - DNA-89316 Should be able to navigate directly to playerServices\n section in settings\n - DNA-89339 Make popup appear with tooltip-like behavior\n - DNA-89340 Implement control panel looks in light and dark mode\n - DNA-89341 Make the control panel buttons work\n - DNA-89342 Add support for the DNA to the rollout system\n - DNA-89344 Show Music Service icon in the control panel\n - DNA-89360 Make \u2018Settings\u2019 menu entry go to settings\n - DNA-89366 Make opera://feedback/babe attachable by the webdriver\n - DNA-89419 Crash at base::Value::GetAsDictionary\n (base::DictionaryValue const**) const\n - DNA-89469 Autopause does not work\n - DNA-89477 Do not wait with starting the player if the\n interrupting session is short\n - DNA-89480 Crash when hovering player panel\n - DNA-89484 Crash at base::internal::CheckedObserverAdapter\n ::IsMarkedForRemoval()\n - DNA-89489 Put control panel behind feature flag\n - DNA-89514 Implement feedback button for Player\n - DNA-89516 Do not auto-pause the Player when there is no sound\n - DNA-89553 Make the control panel show current song\n - DNA-89557 No accessibility title for rating and close buttons\n inside feedback dialog\n - DNA-89561 Make the control panel show artwork that represents\n current track\n - DNA-89575 Handle longer track and artist names\n - DNA-89577 Make progress bar work correctly\n - DNA-89630 Controler pop-up is too high (and service logo too)\n - DNA-89634 Panel width is reset when it shouldn\u2019t\n - DNA-89654 Request higher resolution images for HiDPI\n - DNA-89655 Enable #player-service-control-panel on Developer stream\n - DNA-89671 No accessiblity titles for control panel elements\n - DNA-89672 String change \u201cA world of music\u2026\u201d\n - DNA-89679 Player \u2014 don\u2019t show control panel when Player in sidebar\n is opened\n - DNA-89722 Album cover arts are not visible\n - DNA-89766 Address bar does not respond to actions\n - DNA-89776 Control panel does not disappear after hovering elsewhere\n - DNA-89778 Implement multi-window behavior when no Player is pinned\n - DNA-89795 Player is enable after Opera restart\n (when in Settings was turned off)\n - DNA-89803 Artwork is cropped to the right\n - DNA-89812 Sidebar panel should hide when toggle between windows\n - DNA-89820 Incorrect music services for Philippines\n - DNA-89846 Do not show the control panel if there is nothing to\n show\n - DNA-89878 Clarify notification dot for messengers\n - DNA-89901 [Mac][Player] Zombie crash at exit\n - DNA-89952 Crash at opera::BrowserSidebarPlayerItemContentViewViews\n ::LoadPlayerServiceURL()\n - DNA-89964 Player stays in the autopause after reloading panel\n - DNA-89971 Multi window behaviour is not respected anymore\n - DNA-89976 Disallow docking for Player\n - DNA-89986 Enable #player-service and\n #player-service-control-panel on all streams\n - DNA-90006 Change services order in RU/UA/BY\n- The update to chromium 86.0.4240.198 fixes following issues:\n CVE-2020-16013, CVE-2020-16017\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2178",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2178-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELOCKFRXJEKGKGO7AQH4WNPKH7IYSMSR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELOCKFRXJEKGKGO7AQH4WNPKH7IYSMSR/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16013 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-16017 page",
"url": "https://www.suse.com/security/cve/CVE-2020-16017/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2020-12-06T17:22:42Z",
"generator": {
"date": "2020-12-06T17:22:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2178-1",
"initial_release_date": "2020-12-06T17:22:42Z",
"revision_history": [
{
"date": "2020-12-06T17:22:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-72.0.3815.400-lp152.2.24.1.x86_64",
"product": {
"name": "opera-72.0.3815.400-lp152.2.24.1.x86_64",
"product_id": "opera-72.0.3815.400-lp152.2.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1 NonFree",
"product": {
"name": "openSUSE Leap 15.1 NonFree",
"product_id": "openSUSE Leap 15.1 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2 NonFree",
"product": {
"name": "openSUSE Leap 15.2 NonFree",
"product_id": "openSUSE Leap 15.2 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-72.0.3815.400-lp152.2.24.1.x86_64 as component of openSUSE Leap 15.1 NonFree",
"product_id": "openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
},
"product_reference": "opera-72.0.3815.400-lp152.2.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1 NonFree"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-72.0.3815.400-lp152.2.24.1.x86_64 as component of openSUSE Leap 15.2 NonFree",
"product_id": "openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
},
"product_reference": "opera-72.0.3815.400-lp152.2.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-16013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16013"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16013",
"url": "https://www.suse.com/security/cve/CVE-2020-16013"
},
{
"category": "external",
"summary": "SUSE Bug 1178703 for CVE-2020-16013",
"url": "https://bugzilla.suse.com/1178703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-06T17:22:42Z",
"details": "critical"
}
],
"title": "CVE-2020-16013"
},
{
"cve": "CVE-2020-16017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-16017"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-16017",
"url": "https://www.suse.com/security/cve/CVE-2020-16017"
},
{
"category": "external",
"summary": "SUSE Bug 1178703 for CVE-2020-16017",
"url": "https://bugzilla.suse.com/1178703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64",
"openSUSE Leap 15.2 NonFree:opera-72.0.3815.400-lp152.2.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-06T17:22:42Z",
"details": "critical"
}
],
"title": "CVE-2020-16017"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…