openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10088-1 Rating: important References: Cross-References: CVE-2022-2163 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 CVE-2022-2477 CVE-2022-2478 CVE-2022-2479 CVE-2022-2480 CVE-2022-2481 CVSS scores: CVE-2022-2163 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2294 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2295 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2296 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2478 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2479 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-2480 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2481 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for opera fixes the following issues: Opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 ���Sign out��� from settings doesn���t also sign out from auth - DNA-100653 VPN Badge popup ��� not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is ���pro��� on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 - Update to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available - Update to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: "emailaggressive" - DNA-100716 Misstype Settings "Enhanced address bar" - DNA-100732 Fix & escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 - Update to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ - Changes in 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn���t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync ���Sign in��� button doesn���t work with Opera Account popup Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2022-10088=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-89.0.4447.71-lp154.2.14.1 References: https://www.suse.com/security/cve/CVE-2022-2163.html https://www.suse.com/security/cve/CVE-2022-2294.html https://www.suse.com/security/cve/CVE-2022-2295.html https://www.suse.com/security/cve/CVE-2022-2296.html https://www.suse.com/security/cve/CVE-2022-2477.html https://www.suse.com/security/cve/CVE-2022-2478.html https://www.suse.com/security/cve/CVE-2022-2479.html https://www.suse.com/security/cve/CVE-2022-2480.html https://www.suse.com/security/cve/CVE-2022-2481.html