Vulnerability from csaf_opensuse
Published
2022-05-01 18:01
Modified
2022-05-01 18:01
Summary
Security update for opera

Notes

Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues: Update to 86.0.4363.23: - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127 - DNA-98236 Turn on #snap-text-selection on all streams - DNA-98507 DCHECK at address_bar_controller.cc(547) - DNA-98528 Suggestions for internal pages disappear when typing their full name - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98540 Booking.com used instead of custom search engine - DNA-98587 Favicon of booking suggestion in the city category is unexpectedly changing - DNA-98605 City suggestions should show URL in address field when selected - DNA-98608 #address-bar-dropdown-categories expired - DNA-98616 Add recent searches to 'old' BABE - DNA-98668 Switch to tab button leads to wrong tab - DNA-98673 Improve suggestion removal handling in suggestion providers - DNA-98681 Remove unused suggestion consumers - DNA-98684 Have a dedicated SuggestionList for the new address bar dropdown - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98688 'Disable this feature' mini-menu settings is non-intuitive - DNA-98690 Autocompleted text stayed in address field after removing suggestion - DNA-98738 Inline autocomplete suggestion for SD disappears after typing 3rd letter of SD name - DNA-98743 Blank dropdown after pressing space key - DNA-98783 Improve showing suggestions with long URLs or page titles - DNA-98785 'Switch to tab' button not shown for suggestions with www subdomain when typing domain text - DNA-98879 'Disable suggestions before typing' mini-menu option should change to 'Enable suggestions before typing' when being selected - DNA-98917 Translations for O86 - DNA-98975 Turn on #snap-crop-tool on all channels - DNA-98980 Enable #native-crypto-wallet on all streams - DNA-99005 The sidebar item is not visible for already active crypto wallet users when #native-crypto-wallet flag is enabled. - DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData const&) const - DNA-99047 Promote O86 to stable - The update to chromium 100.0.4896.127 fixes following issues: CVE-2022-1364 - Complete Opera 86.0 changelog at: https://blogs.opera.com/desktop/changelog-for-86/ Update to 85.0.4341.60: - DNA-98666 Set baidu as default search engine in China - DNA-98707 Hint is not displayed for new crypto wallet sidebar icon - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors Update to 85.0.4341.47: - DNA-98249 Add feature flag #native-crypto-wallet - DNA-98250 Install extension on startup - DNA-98251 Make Crypto Wallet setting enable / disable extension - DNA-98252 Deactivate old desktop crypto wallet - DNA-98253 Always show “Crypto Wallet” in Sidebar Setup - DNA-98497 Crash when installing extension - DNA-98506 Enable opera_feature_crypto_wallet_encryption on desktop - DNA-98510 Blank icon in sidebar setup - DNA-98538 Change name of 'Opera Crypto Wallet' to 'Crypto Wallet' - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98766 Crash at opera::AddressBarControllerImpl::OpenNativeDropdown() - DNA-98768 Crash at extensions::ContentFilterPrivateIsWhitelistedFunction::Run() - DNA-98770 Recent searches stay in address field after selecting entry from dropdown - DNA-98772 Screen sharing broken - DNA-98803 Autofilled part appended after selecting address bar using shortcut
Patchnames
openSUSE-2022-123
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for opera",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for opera fixes the following issues:\n\nUpdate to 86.0.4363.23:\n\n  - CHR-8843 Update chromium on desktop-stable-100-4363 to\n    100.0.4896.127\n  - DNA-98236 Turn on #snap-text-selection on all streams\n  - DNA-98507 DCHECK at address_bar_controller.cc(547)\n  - DNA-98528 Suggestions for internal pages disappear when typing\n    their full name\n  - DNA-98538 Change name of \u0027Opera Crypto Wallet\u0027 to\n    \u0027Crypto Wallet\u0027\n  - DNA-98540 Booking.com used instead of custom search engine\n  - DNA-98587 Favicon of booking suggestion in the city category\n    is unexpectedly changing\n  - DNA-98605 City suggestions should show URL in address field\n    when selected\n  - DNA-98608 #address-bar-dropdown-categories expired\n  - DNA-98616 Add recent searches to \u0027old\u0027 BABE\n  - DNA-98668 Switch to tab button leads to wrong tab\n  - DNA-98673 Improve suggestion removal handling in suggestion\n    providers\n  - DNA-98681 Remove unused suggestion consumers\n  - DNA-98684 Have a dedicated SuggestionList for the new address\n    bar dropdown\n  - DNA-98685 Enable #native-crypto-wallet on developer\n  - DNA-98688 \u0027Disable this feature\u0027 mini-menu settings is\n    non-intuitive\n  - DNA-98690 Autocompleted text stayed in address field after\n    removing suggestion\n  - DNA-98738 Inline autocomplete suggestion for SD disappears\n    after typing 3rd letter of SD name\n  - DNA-98743 Blank dropdown after pressing space key\n  - DNA-98783 Improve showing suggestions with long URLs or page\n    titles\n  - DNA-98785 \u0027Switch to tab\u0027 button not shown for suggestions with\n    www subdomain when typing domain text\n  - DNA-98879 \u0027Disable suggestions before typing\u0027 mini-menu option\n    should change to \u0027Enable suggestions before typing\u0027 when being\n    selected\n  - DNA-98917 Translations for O86\n  - DNA-98975 Turn on #snap-crop-tool on all channels\n  - DNA-98980 Enable #native-crypto-wallet on all streams\n  - DNA-99005 The sidebar item is not visible for already active\n    crypto wallet users when #native-crypto-wallet flag is enabled.\n  - DNA-99007 Crash at\n    TemplateURLRef::ParseIfNecessary(SearchTermsData const\u0026) const\n  - DNA-99047 Promote O86 to stable\n\n- The update to chromium 100.0.4896.127 fixes following issues:\n  CVE-2022-1364\n\n- Complete Opera 86.0 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-86/\n\nUpdate to 85.0.4341.60:\n\n  - DNA-98666 Set baidu as default search engine in China\n  - DNA-98707 Hint is not displayed for new crypto wallet\n    sidebar icon\n  - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine\n    errors\n\nUpdate to 85.0.4341.47:\n\n  - DNA-98249 Add feature flag #native-crypto-wallet\n  - DNA-98250 Install extension on startup\n  - DNA-98251 Make Crypto Wallet setting enable / disable extension\n  - DNA-98252 Deactivate old desktop crypto wallet\n  - DNA-98253 Always show \u201cCrypto Wallet\u201d in Sidebar Setup\n  - DNA-98497 Crash when installing extension\n  - DNA-98506 Enable opera_feature_crypto_wallet_encryption\n    on desktop\n  - DNA-98510 Blank icon in sidebar setup\n  - DNA-98538 Change name of \u0027Opera Crypto Wallet\u0027 to\n    \u0027Crypto Wallet\u0027\n  - DNA-98685 Enable #native-crypto-wallet on developer\n  - DNA-98766 Crash at\n    opera::AddressBarControllerImpl::OpenNativeDropdown()\n  - DNA-98768 Crash at\n    extensions::ContentFilterPrivateIsWhitelistedFunction::Run()\n  - DNA-98770 Recent searches stay in address field after selecting\n    entry from dropdown\n  - DNA-98772 Screen sharing broken\n  - DNA-98803 Autofilled part appended after selecting address\n    bar using shortcut\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2022-123",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0123-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2022:0123-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQIZDBENBA7SYCDEBOVU4TMJLSK3IIRM/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2022:0123-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQIZDBENBA7SYCDEBOVU4TMJLSK3IIRM/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1364 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1364/"
      }
    ],
    "title": "Security update for opera",
    "tracking": {
      "current_release_date": "2022-05-01T18:01:12Z",
      "generator": {
        "date": "2022-05-01T18:01:12Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2022:0123-1",
      "initial_release_date": "2022-05-01T18:01:12Z",
      "revision_history": [
        {
          "date": "2022-05-01T18:01:12Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "opera-86.0.4363.23-lp153.2.45.1.x86_64",
                "product": {
                  "name": "opera-86.0.4363.23-lp153.2.45.1.x86_64",
                  "product_id": "opera-86.0.4363.23-lp153.2.45.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3 NonFree",
                "product": {
                  "name": "openSUSE Leap 15.3 NonFree",
                  "product_id": "openSUSE Leap 15.3 NonFree",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "opera-86.0.4363.23-lp153.2.45.1.x86_64 as component of openSUSE Leap 15.3 NonFree",
          "product_id": "openSUSE Leap 15.3 NonFree:opera-86.0.4363.23-lp153.2.45.1.x86_64"
        },
        "product_reference": "opera-86.0.4363.23-lp153.2.45.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3 NonFree"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-1364",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1364"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3 NonFree:opera-86.0.4363.23-lp153.2.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1364",
          "url": "https://www.suse.com/security/cve/CVE-2022-1364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198509 for CVE-2022-1364",
          "url": "https://bugzilla.suse.com/1198509"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3 NonFree:opera-86.0.4363.23-lp153.2.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3 NonFree:opera-86.0.4363.23-lp153.2.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-05-01T18:01:12Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1364"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.