openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0297-1 Rating: important References: Cross-References: CVE-2023-5186 CVE-2023-5187 CVE-2023-5217 CVSS scores: CVE-2023-5186 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-5187 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-5217 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-5217 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.5:NonFree ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 103.0.4928.16 * CHR-9416 Updating Chromium on desktop-stable-* branches * CHR-9433 Update Chromium on desktop-stable-117-4928 to 117.0.5938.89 * CHR-9449 Update Chromium on desktop-stable-117-4928 to 117.0.5938.132 * DNA-110337 Opera Intro extension custom versions * DNA-111454 Player animations visual adjustments * DNA-111618 Turn on #password-generator on all streams * DNA-111645 Turn on flag #player-service-react on developer stream * DNA-111708 Player home page is shown while music service is being loaded * DNA-111722 [Tab strip][Tab island] Add tab in tab island button appears after size of tabs is changed * DNA-111727 JsonPrefStore is created twice for Local State file * DNA-111838 Promote 103.0 to stable * DNA-111845 Turn on flag #player-service-react on all streams * DNA-111868 Translations for O103 * DNA-111874 OMenu and Context Menus has transparent few px border - The update to chromium 117.0.5938.89 fixes following issues: CVE-2023-5217, CVE-2023-5186, CVE-2023-5187 - Complete Opera 103 changelog at: https://blogs.opera.com/desktop/changelog-for-103/ - Update to 102.0.4880.78 * DNA-110952 Crash at base::subtle::RefCountedBase:: ReleaseImpl() const - Update to 102.0.4880.70 * DNA-105016 Do not open file selector when closing easy files dialog with 'close this popup' option * DNA-110437 Extensions font color in dark mode makes the text not visible * DNA-110443 Crash at EasyFilesView::ShowFileSelector * DNA-111231 Amazon Music logo update in sidebar Player * DNA-111280 Make import from Crypto Browser to Opera Browser easier * DNA-111355 [Sidebar] DevTools is not working correctly in with sidebar panel * DNA-111708 Player home page is shown while music service is being loaded * DNA-111162 Refresh Player home page * DNA-111164 Implement animation in Player home page - Update to 102.0.4880.56 * DNA-110785 Crash at static void base::allocator:: UnretainedDanglingRawPtrDetectedDumpWithoutCrashing (unsigned __int64) * DNA-110973 Crash after dragging tab from island to another screen * DNA-111199 Disable user_education tests from component_unittests * DNA-111369 Crash at views::View::DoRemoveChildView(views:: View*, bool, bool, views::View*) * DNA-111538 All new open windows don`t have a close button 'x' in the right upper corner. - Changes in 102.0.4880.51 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110101 [Linux] Maximize/restore button does not work properly * DNA-110669 duplicated hints on system buttons * DNA-110823 Uninstallation Survey Countries * DNA-110881 Scroll bar doesn't change color in dark mode * DNA-110930 Capture mouse events on the 1-pixel edge for DevTools * DNA-110935 ChatSonic colors are unreadable in Dark Mode * DNA-111034 Dynamic icon does not look good in edit-tile-modal * DNA-111035 Removal custom-image should restore dynamic icon * DNA-111177 [Start page] Letter in SD is black on light wallpaper * DNA-111488 Improve profile migration for desktop-stable-116-4880 - Update to 102.0.4880.46 * CHR-9416 Automatic tries of updating Chromium on desktop-stable-* branches * DNA-110216 [Sidebar] Straight lines instead of rounded corners * DNA-110539 [LIN] Crash at content::WebContentsImpl:: GetLastCommittedURL() * DNA-110631 AB test mechanism for Speed Dial * DNA-110656 [TabStrip] Memory leak for tab group * DNA-111322 Only show splash screen on major version update * DNA-111417 Crash at opera::component_based:: TabAnimationController::StartAnimatedLayout(opera:: component_based::TabAnimationController::AnimationInfo, base::OnceCallback) * DNA-111420 Update continue on link for euro rtv agd * DNA-111440 Crash at opera::component_based:: ComponentTabBar::GetActiveTab() Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.5:NonFree: zypper in -t patch openSUSE-2023-297=1 Package List: - openSUSE Leap 15.5:NonFree (x86_64): opera-103.0.4928.16-lp155.3.12.1 References: https://www.suse.com/security/cve/CVE-2023-5186.html https://www.suse.com/security/cve/CVE-2023-5187.html https://www.suse.com/security/cve/CVE-2023-5217.html