openSUSE-SU-2022:10254-1: important: Security update for opera

31 Dec 2022

      openSUSE Security Update: Security update for opera
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10254-1
Rating:             important
References:         
Cross-References:   CVE-2022-4262 CVE-2022-4436 CVE-2022-4437
                    CVE-2022-4438 CVE-2022-4439 CVE-2022-4440

CVSS scores:
                    CVE-2022-4262 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-4436 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-4437 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-4438 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-4439 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-4440 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap 15.4:NonFree
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for opera fixes the following issues:

   - Update to 94.0.4606.38
     - CHR-9133 Update chromium on desktop-stable-108-4606 to 108.0.5359.125
     - DNA-103624 Create JS API to open Search tabs feature
     - DNA-104004 Improve welcome pop-up
     - DNA-104053 Right mouse click open speed dial instead of context menu
     - DNA-104055 News article opens in active tab
     - DNA-104084 [Suggestion] Introduce a way to remove the Lucid Mode button
     - DNA-104089 No crashes reported in soccoro for Linux
   - The update to chromium 108.0.5359.125 fixes following issues:
     CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440

   - Update to 94.0.4606.26
     - CHR-9125 Update chromium on desktop-stable-108-4606 to 108.0.5359.99
     - DNA-99207 WebUI popup/dropdown could be empty due to lack
       of memory
     - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus
       on opened page when opening in new tab
     - DNA-103076 Release installer consent flow globally
     - DNA-103137 Fix positioning in Web UI component
     - DNA-103240 Re-use logic from popup for consent not set in settings
     - DNA-103540 Implement Autostart for Opera Desktop (except Poland)
     - DNA-103636 Implement Lucid Mode for Videos
     - DNA-103637 Implement Lucid Mode button on top of videos
     - DNA-103638 Make Lucid Mode button on top of videos work
     - DNA-103641 Implement Lucid Mode for Images
     - DNA-103642 Updated design and animation for Lucid Mode button
       on top of videos
     - DNA-103650 Add Lucid Mode to Easy Setup
     - DNA-103701 Move User Styles loading/saving to a separate component
     - DNA-103718 Record "consent_given" stat for every session
     - DNA-103724 Video detach button wont go away
     - DNA-103757 Add click animation for Lucid Mode button on top of videos
     - DNA-103765 Console error with lucid mode flag off
     - DNA-103770 Easy Setup switch doesn't get updated
     - DNA-103771 Click animation should only show when turning
       on Lucid Mode
     - DNA-103773 Unable to access lucid mode settings section directly
     - DNA-103784 Investigate video buttons 'escaping'
     - DNA-103800 Adapt Lucid Mode button to new design
     - DNA-103836 Translations for O94
     - DNA-103850 Label on detach button cut off
     - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set
       minimum size
     - DNA-103931 Wrong sidebar detection.
     - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off
     - DNA-103949 Lucid Mode doesn't work in a private window
     - DNA-103959 Unable to scroll down on player home page
     - DNA-103962 [Settings] Remove "Safety Check"
     - DNA-104011 Turn on Lucid Mode on all streams
     - DNA-104052 Hide Lucid Mode video button on Google Meet
     - DNA-103930 Promote O94 to stable
   - The update to chromium 108.0.5359.99 fixes following issues:
     CVE-2022-4262

   - Update to 93.0.4585.64
     - DNA-102836 Make 1st screen of Consent Popup a little taller to have
       more space under "You can adjust your choices" label
     - DNA-102934 Turn on building testlist on GOTH instead of Buildbot
     - DNA-102969 On some pages search popup don't work
     - DNA-103053 Put consent flow settings in separate feature flag
     - DNA-103054 Update consent settings to new design
     - DNA-103062 Add opauto tests for consent flow settings
     - DNA-103099 Set testlist_from in testlist generating script
     - DNA-103240 Re-use logic from popup for consent not set in settings
     - DNA-103296 Force dark page break QR code in whats app
     - DNA-103298 Stat for recording adblock whitelist is not sent in every
       session
     - DNA-103522 Missing translations for
       IDS_CONSENT_FLOW_DATA_DESC_INTERESTS
     - DNA-103526 search popup doesn't recognize some currencies shortcut
     - DNA-103530 Replace icons in sidebar setup
     - DNA-103636 Implement Lucid Mode for Videos
     - DNA-103637 Implement Lucid Mode button on top of videos
     - DNA-103638 Make Lucid Mode button on top of videos work
     - DNA-103641 Implement Lucid Mode for Images
     - DNA-103642 Updated design and animation for Lucid Mode button
       on top of videos
     - DNA-103650 Add Lucid Mode to Easy Setup
     - DNA-103701 Move User Styles loading/saving to a separate component
     - DNA-103718 Record "consent_given" stat for every session
     - DNA-103724 Video detach button wont go away
     - DNA-103757 Add click animation for Lucid Mode button on top of videos
     - DNA-103765 Console error with lucid mode flag off
     - DNA-103770 Easy Setup switch doesn't get updated
     - DNA-103771 Click animation should only show when turning on Lucid Mode
     - DNA-103773 Unable to access lucid mode settings section directly
     - DNA-103784 Investigate video buttons 'escaping'
     - DNA-103800 Adapt Lucid Mode button to new design
     - DNA-103850 Label on detach button cut off
     - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set
       minimum size
     - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off
     - DNA-104011 Turn on Lucid Mode on all streams

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:NonFree:

      zypper in -t patch openSUSE-2022-10254=1

Package List:

   - openSUSE Leap 15.4:NonFree (x86_64):

      opera-94.0.4606.38-lp154.2.35.1

References:

   https://www.suse.com/security/cve/CVE-2022-4262.html
   https://www.suse.com/security/cve/CVE-2022-4436.html
   https://www.suse.com/security/cve/CVE-2022-4437.html
   https://www.suse.com/security/cve/CVE-2022-4438.html
   https://www.suse.com/security/cve/CVE-2022-4439.html
   https://www.suse.com/security/cve/CVE-2022-4440.html

openSUSE-SU-2022:10254-1: important: Security update for opera

opensuse-security＠opensuse.org