openSUSE-SU-2023:0251-1: important: Security update for opera
openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0251-1 Rating: important References: Cross-References: CVE-2023-2312 CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-4068 CVE-2023-4069 CVE-2023-4070 CVE-2023-4071 CVE-2023-4072 CVE-2023-4073 CVE-2023-4074 CVE-2023-4075 CVE-2023-4076 CVE-2023-4077 CVE-2023-4078 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 CVE-2023-4572 CVSS scores: CVE-2023-2312 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-3420 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-3421 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-3422 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4068 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2023-4069 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4070 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2023-4071 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4072 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4073 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4074 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4075 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4076 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4077 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4078 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4349 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4350 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2023-4351 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4352 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4353 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4354 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4355 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4356 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4357 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4358 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4359 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-4360 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2023-4361 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2023-4362 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4363 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2023-4364 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2023-4365 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2023-4366 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4367 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2023-4368 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-4572 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 36 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 102.0.4880.40 * DNA-111203 Prepare translations for home button in settings - Changes in 102.0.4880.38 * DNA-110720 [Sidebar] Sidebar app increase size every time it's reopened * DNA-110723 Music logo in light mode of 'Select service' unreadable on hover * DNA-110821 Run-if-alive callback missing in WMFDecoderImpl * DNA-110835 Search/copy popup issues * DNA-111038 Disable profile migration * DNA-111263 Tab island animation incorrect when tabstrip full - Update to 102.0.4880.33 * CHR-9411 Update Chromium on desktop-stable-116-4880 to 116.0.5845.141 * DNA-110172 [BUG] Images inside popup does not get rounded corner * DNA-110828 Update chess.com build * DNA-110834 Crash at opera::component_based:: TabAnimationController::StartAnimatedLayout(opera:: component_based::TabAnimationController::AnimationInfo, base::OnceCallback) * DNA-111144 Enable a new version of the extension. - The update to chromium 116.0.5845.141 fixes following issues: CVE-2023-4572 - Update to 102.0.4880.29 * DNA-109498 Splash screen is shown on every restart of the browser * DNA-109698 Test Amazon Music support * DNA-109840 Amazon music logo is very small and unreadable * DNA-109841 Amazon music logo in player mode is too wide * DNA-109842 [opauto] Add tests for Amazon Music in Player * DNA-109937 Crash at opera::ComponentTabStripController:: SetGroupCollapsed(tab_groups::TabGroupId const&, bool) * DNA-110107 Clicking roblox link on page closes the tab * DNA-110110 [Tab strip][Tab island] Middle/right mouse click on top of the screen have no/wrong efect * DNA-110125 [Win/Lin] New design for default scrollbars on web page * DNA-110130 Capture mouse events on the 1-pixel edge to the right of the web view * DNA-110586 Shadow is clipped if first tab is selected * DNA-110637 Revert removal of start page button * DNA-110684 Add bookmarks permissions * DNA-110702 [Scrollable] Pin group is not aligned with address bar * DNA-110737 [OMenu] Menu button looks weird * DNA-110788 No 1-pixel edge in full screen mode * DNA-110828 Update chess.com build * DNA-110842 [Tab strip] Make ‘+’ button round(er) again * DNA-110874 Bring back Home button * DNA-110876 Search box on Start page without transparency * DNA-110878 Turn on Amazon Music on developer * DNA-110905 Amazon Music for all given locales * DNA-110961 [WinLin] Remove 1-pixel edge in full screen mode * DNA-111038 Disable profile migration * DNA-111079 Improve user-profile migration * DNA-111092 Disable profile migration flag for desktop-stable-116-4880 - Update to 102.0.4880.16 * CHR-9396 Update Chromium on desktop-stable-116-4880 to 116.0.5845.97 * DNA-110040 Crash at crash_reporter::(anonymous namespace):: AbslAbortHook(char const*, int, char const*, char const*, char const*) * DNA-110315 O-menu opening after pressing alt on site which have action for Alt press * DNA-110440 [Tab strip] Tab favicon not cropped when it does not fit in tab size * DNA-110469 Move Shopping corner and Loomi to 'Special Features' section * DNA-110510 [Tab strip] Mute icon displayed over tab title * DNA-110526 If group is first the tab bar is not aligned with address bar * DNA-110828 Update chess.com build * DNA-110836 Promote 102 to stable * DNA-110892 Translations for O102 * DNA-110962 Fix ab_tests.json preferences override not working - The update to chromium 116.0.5845.97 fixes following issues: CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359, CVE-2023-4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4362, CVE-2023-4363, CVE-2023-4364, CVE-2023-4365, CVE-2023-4366, CVE-2023-4367, CVE-2023-4368 - Complete Opera 102 changelog at: https://blogs.opera.com/desktop/changelog-for-102/ - Update to 101.0.4843.43 * CHR-9381 Update Chromium on desktop-stable-115-4843 to 115.0.5790.171 * DNA-108919 Tab Island 'Move To Island' highlight color is the same as island color * DNA-109202 Often extension popup is not displayed * DNA-109454 Wallpaper customization with remote resource * DNA-109679 Fix typo in flags schema * DNA-109927 Add tooltips for visual or incomplete items in context menu * DNA-110225 Replace Twitter logo in Sidebar with the new one X * DNA-110244 Translations for O101 * DNA-110276 Fix race condition in DeferredInstalledWallpapers * DNA-110400 teaser_event_impression counted when user closes baner - The update to chromium 115.0.5790.171 fixes following issues: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078 - Update to 101.0.4843.23 * DNA-109400 Enable #adblocker-anticv on developer stream * DNA-109423 Add histograms to help track #platform-h264-decoder-in-gpu quality * DNA-109861 Crash on expading folder on bookmark bar containing unnamed subfolder * DNA-109872 WMFAudioDecoder reports spurious dry run if initialized during pipeline shutdown * DNA-109908 Crash at opera::(anonymous namespace):: AddNewTabToWorkspaceIfCurrent(Browser*, opera::WorkspaceId) (.llvm.13400399341940007321) * DNA-110005 Duplicated tabs indicator is not shown on tab bar * DNA-110062 [Linux] QT6 dependency issue with .rpm package * DNA-110210 Enable #adblocker-anticv on all streams * DNA-110244 Translations for O101 - Update to 101.0.4843.25 * CHR-9357 Update Chromium on desktop-stable-115-4843 to 115.0.5790.90 * CHR-9362 Update Chromium on desktop-stable-115-4843 to 115.0.5790.102 * DNA-104841 Create a smooth corner background * DNA-108012 [Opera One] Misaligned inner bookmarks menu in Opera Menu * DNA-109129 Crash at opera::component_based:: OperaOneIntroductionAnimationController::AnimateHideVisibility() * DNA-109209 Dragged island falls under island its being dragged over * DNA-109266 Crash at content::WebContentsImpl:: SetDelegate(content::WebContentsDelegate*) * DNA-109310 Broken session files are not automatically recovered * DNA-109448 [AdBlock] Images from ads are missing with AA enabled * DNA-109587 "Show bookmarks bar" checkbox on bookmarks feature(Dark Mode) * DNA-109674 Closing the tabs in the workspace in the other window will close Opera * DNA-109694 Smooth corners on active tab * DNA-109774 Log when trying to switch workspace while closing browser * DNA-110005 Duplicated tabs indicator is not shown on tab bar * DNA-110244 Translations for O101 - Complete Opera 101 changelog at: https://blogs.opera.com/desktop/changelog-for-101/ - Update to 100.0.4815.76 * DNA-109129 Crash at opera::component_based::Opera OneIntroductionAnimationController::AnimateHideVisibility() * DNA-109233 Crash at crash_reporter::(anonymous namespace):: AbslAbortHook(char const*, int, char const*, char const*, char const*) * DNA-109673 Session stat event teaser_tile_click is not sent * DNA-109897 Session is lost when new session file is created - Changes in 100.0.4815.54 * DNA-109148 Allow AI extension to change permissions during update * DNA-109172 WMFAudioDecoder fails with #platform-aac-decoder-in-gpu enabled * DNA-109633 Do not send TabStripEmpty multiple times * DNA-109674 Closing the tabs in the workspace in the other window will close Opera * DNA-109774 Log when trying to switch workspace while closing browser - Changes in 100.0.4815.47 * DNA-108456 WMFAudioDecoder dry run should include decoding one buffer * DNA-108478 Disable extension icon on the right side (where all normal extensions are) * DNA-108791 Give access to feedbackPopupPrivate * DNA-109134 Crash at media::FFmpegDemuxer:: OnFindStreamInfoDone(int) if LD_PRELOAD set by user * DNA-109137 SD images/icons/logo not loading or loading really slow * DNA-109182 Please add an event when popup closes * DNA-109231 Extended click area does not work for groups * DNA-109242 Session unload kDisablePageLoadsOnStartup not working * DNA-109310 Broken session files are not automatically recovered * DNA-109618 Crash logger RestartAction should be set only after crash - Update to 100.0.4815.30 * CHR-9339 Update Chromium on desktop-stable-114-4815 to 114.0.5735.199 * DNA-106986 [Tab strip][Tab islands] Reduce size of tab island handle * DNA-107205 Disable banner on fresh installation "Back up your Opera Browser" * DNA-107306 Update Contributors list Opera One * DNA-107337 NotReached in Browser::CloseContents * DNA-107673 Crash at static void opera::ComponentTabStripController::ShowHoverCardForGroup() * DNA-108461 Distribute Aria with the Opera build * DNA-108540 [Rich Hints] Tab islands – a trigger and anchor * DNA-108545 Track accelerated video decoding support * DNA-108606 [Mac] Opening context menu closes subfolders menu on bookmark bar * DNA-108664 Set minimum and maximum width for Aria extension * DNA-108702 Tab falls outside island with specific number of tabs on tab strip * DNA-108731 Add "aria" stat to the schema * DNA-108760 Record tab islands events * DNA-108761 Implement ‘Later' functionality * DNA-108763 Implement ‘Quit while showing onboarding' * DNA-108806 Command Line not activated when sidebar panel is opened * DNA-108858 [Linux] Browser window corners are not rounded perfectly * DNA-108863 Sidebar panel isn't properly aligned with sidebar * DNA-108882 [Icon change] Sync icon without custom image * DNA-108898 [Autohide] Sidebar panel title bar is not tall enough * DNA-108906 Turn on #component-based-context-menu on all streams * DNA-108907 Empty text (button inactive) button color is wrong * DNA-108912 Implement rotating animation for Aria command line * DNA-108921 Enable #opera-one-introduction on all streams * DNA-108928 Show overlay only if command-line parameter was given * DNA-108933 Update repack script to handle introduction extension * DNA-108938 Translations for O100 * DNA-108942 Remove Shopping Corner from the sidebar by default * DNA-108943 Crash at opera::AriaCommandLineController::~AriaCommandLineController() * DNA-108949 Make opera://intro display introduction page from extension * DNA-108952 Implement splash screen * DNA-108955 Aria extension is moved to the right after sending prompt from Command Line when sidebar is set to autohide * DNA-108957 Opera crashes during shutdown after opera-one-introduction hid * DNA-108958 Commandline disappears after clicking Aria logo on Commandline bar * DNA-108959 Commandline does not have hover effect on Send button * DNA-108980 Add Control+Shift+7 / Command+Shift+7 as alternative shortcut for Aria command line * DNA-108992 Opera One introduction appears in every New Window * DNA-109009 Crash at opera::component_based::ComponentTabGroup::UpdateTabAppearances() * DNA-109021 [Stable] No Shopping corner icon in sidebar setup * DNA-109031 [Tab islands] Island can automatically re-collapse when clicking handle button to expand it * DNA-109036 [Private Mode] [Light Team] Icons in address bar flashed white when pressed * DNA-109037 [Private Mode][Light] Folders name are not readable in BB when highlighted * DNA-109085 Two separators after ‘Search with' option * DNA-109091 Can't change tab when window is maximized on second display * DNA-109096 "Move to workspaces” doesn't fit all workspaces * DNA-109099 [WinLin] Add Aria command line to Opera menu * DNA-109102 [O-menu][History] Wrong layout of elements without icon in history submenu * DNA-109129 Crash at opera::component_based::OperaOneIntroduction AnimationController::AnimateHideVisibility() * DNA-109199 DCHECK when pinning tabs * DNA-108893 Promote 100 to stable - Complete Opera 100 changelog at: https://blogs.opera.com/desktop/changelog-for-100/ - The update to chromium 114.0.5735.199 fixes following issues: CVE-2023-3420, CVE-2023-3421, CVE-2023-3422 - Update to 99.0.4788.31 * DNA-107338 NotReached in SadTabView::OnPaint * DNA-107689 Crash at extensions:: ShodanPrivateShowPopupForSelectedTextFunction::Run() Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2023-251=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-102.0.4880.40-lp154.2.50.1 References: https://www.suse.com/security/cve/CVE-2023-2312.html https://www.suse.com/security/cve/CVE-2023-3420.html https://www.suse.com/security/cve/CVE-2023-3421.html https://www.suse.com/security/cve/CVE-2023-3422.html https://www.suse.com/security/cve/CVE-2023-4068.html https://www.suse.com/security/cve/CVE-2023-4069.html https://www.suse.com/security/cve/CVE-2023-4070.html https://www.suse.com/security/cve/CVE-2023-4071.html https://www.suse.com/security/cve/CVE-2023-4072.html https://www.suse.com/security/cve/CVE-2023-4073.html https://www.suse.com/security/cve/CVE-2023-4074.html https://www.suse.com/security/cve/CVE-2023-4075.html https://www.suse.com/security/cve/CVE-2023-4076.html https://www.suse.com/security/cve/CVE-2023-4077.html https://www.suse.com/security/cve/CVE-2023-4078.html https://www.suse.com/security/cve/CVE-2023-4349.html https://www.suse.com/security/cve/CVE-2023-4350.html https://www.suse.com/security/cve/CVE-2023-4351.html https://www.suse.com/security/cve/CVE-2023-4352.html https://www.suse.com/security/cve/CVE-2023-4353.html https://www.suse.com/security/cve/CVE-2023-4354.html https://www.suse.com/security/cve/CVE-2023-4355.html https://www.suse.com/security/cve/CVE-2023-4356.html https://www.suse.com/security/cve/CVE-2023-4357.html https://www.suse.com/security/cve/CVE-2023-4358.html https://www.suse.com/security/cve/CVE-2023-4359.html https://www.suse.com/security/cve/CVE-2023-4360.html https://www.suse.com/security/cve/CVE-2023-4361.html https://www.suse.com/security/cve/CVE-2023-4362.html https://www.suse.com/security/cve/CVE-2023-4363.html https://www.suse.com/security/cve/CVE-2023-4364.html https://www.suse.com/security/cve/CVE-2023-4365.html https://www.suse.com/security/cve/CVE-2023-4366.html https://www.suse.com/security/cve/CVE-2023-4367.html https://www.suse.com/security/cve/CVE-2023-4368.html https://www.suse.com/security/cve/CVE-2023-4572.html
participants (1)
-
opensuse-security@opensuse.org