{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for opera","title":"Title of the patch"},{"category":"description","text":"This update for opera fixes the following issues:\n\nOpera was updated to version 65.0.3467.62\n\n- CHR-7658 Update chromium on desktop-stable-78-3467 \n  to 78.0.3904.108\n- DNA-81387 Remove support for old bundle structure \n  in signing scripts\n- DNA-81675 Update widevine signature localisation in \n  signed packages\n- DNA-81884 [Advanced content blocking] Ads are blocked \n  for whitelisted page in Incognito\n- DNA-82230 [Mac] URL is not correctly aligned when \n  the Geolocation is ON\n- DNA-82368 Generating diffs for unsinged packages doesn’t work\n- DNA-82414 Wrong number of trackers displayed just after \n  deactivating adblocker\n- DNA-82470 [Linux] Snap package doesn’t recognise GNOME 3.24 \n  platform snap connection\n- DNA-82473 https://www.nba.com/standings not working with \n  AdBlocker enabled\n- DNA-82484 Update content blocking icon\n- DNA-82485 [Mac 10.15] Opera installer error at the end of \n  installation process\n- DNA-82508 [Adblocker] Predefault lists can not be unchecked\n- DNA-82557 Address bar dropdown launches HTTP GETs for \n  every autocomplete\n- DNA-82596 Do not block first-party ‘trackers’\n- DNA-82616 Settings – Tracker Blocker – Add “Learn more” link\n- DNA-82626 [Win] High CPU usage due to media indicator animation\n- DNA-82647 Tab icons mixed after Tab closing\n- DNA-82742 Pages won’t load after closing private mode\n- DNA-82768 Mark also the reference group in “exp” header \n  for DNA-81658\n- DNA-82840 Disable favicon fetching for typed URLs\n\nComplete Opera 65.0 changelog at:\n\n  https://blogs.opera.com/desktop/changelog-for-65/\n\nUpdate to version 64.0.3417.92\n\n- DNA-81358 Wrong key color on extension popup in dark mode\n- DNA-82208 Cherry-pick CVE-2019-13721 and CVE-2019-13720\n\nUpdate to version 64.0.3417.83\n\n- DNA-79676 Use FFmpegDemuxer to demux ADTS\n- DNA-81010 Spinner takes a lot of cpu\n- DNA-81385 Keys on some popups in dark mode can’t be hovered\n- DNA-81494 [Mac] Snap onboarding doesn’t appear while \n  the icon still flashes\n- DNA-82003 Restore legacy path for AudioFileReader\n- DNA-82019 Enable #ffmpeg-demuxer-everywhere by default \n    in developer\n- DNA-82028 Enable #ffmpeg-demuxer-everywhere by default \n  in stable on macOS\n\nUpdate to version 64.0.3417.73\n\n- CHR-7598 Update chromium on desktop-stable-77-3417 \n  to 77.0.3865.120\n- DNA-80049 The upper border of “Add to bookmarks bar” popup \n  is cut off in white mode\n- DNA-80395 Menu popup borders in Settings are invisible\n  in Dark mode\n- DNA-81263 Change the continue section buttons visibility \n  as in description\n- DNA-81304 Crash at chrome::NewTab(Browser*)\n- DNA-81650 Easy Setup Style looks weird\n- DNA-81708 Missing dependency on //chrome/common:buildflags\n- DNA-81732 [Mac][Catalina] Cannot maximize a window\n  after it’s been minimized\n- DNA-81737 Renderer crash on https://codesandbox.io/s/vanilla-ts\n- DNA-81753 Pinned tab only remembered after next restart\n- DNA-81769 Investigate reports about slow speed dial loading\n  in O64 blog comments\n- DNA-81859 [Mac 10.15] Crash whenever navigating to any page\n- DNA-81893 Get Personalised news on SpeedDials broken layout\n\nUpdate to version 64.0.3417.61\n\n- DNA-80760 Sidebar Messenger icon update\n- DNA-81165 Remove sharing service\n- DNA-81211 [Advanced content blocking] Can not turn off \n  ad blocking in private mode\n- DNA-81323 content_filter::RendererConfigProvider destroyed \n  on wrong sequence\n- DNA-81487 [VPN disclaimer][da, ta] Text should be multiline\n- DNA-81545 opr-session entry for Google ads not working\n- DNA-81580 Speed dials’ colours change after Opera update\n- DNA-81597 [Adblocker] Google Ads link hides if clicking\n- DNA-81639 Widevine verification status is PLATFORM_TAMPERED\n- DNA-81237 [Advanced content blocking] noCoinis \n  not enabled by default\n- DNA-81375 Adblocking_AddToWhitelist_Popup and \n  Adblocking_RemoveFromWhitelist_Popup metric not recorded \n  in stats\n- DNA-81413 Error in console when Start Page connects to My Flow\n- DNA-81435 Adjust VPN disclaimer to longer strings [de]\n\nUpdate to version 64.0.3417.47\n\n- DNA-80531 [Reborn3] Unify Switches\n- DNA-80738 “How to protect my privacy” link\n- DNA-81162 Enable #advanced-content-blocking\n  on developer stream\n- DNA-81202 Privacy Protection popup doesn’t resize after\n  enabling blockers\n- DNA-81230 [Mac] Drop support for 10.10\n- DNA-81280 Adjust button width to the shorter string\n- DNA-81295 Opera 64 translations\n- DNA-81346 Enable #advanced-content-blocking on all streams\n- DNA-81434 Turn on #new-vpn-flow in all streams\n- DNA-81436 Import translations from Chromium to O64\n- DNA-81460 Promote O64 to stable\n- DNA-81461 Snap onboarding is cut\n- DNA-81467 Integrate missing\n  translations (Chinese, MS and TL) to O64/65\n- DNA-81489 Start page goes into infinite loop\n\nComplete Opera 64.0 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-64/\n\nUpdate to version 63.0.3368.94\n\n- CHR-7516 Update chromium on master to 78.0.3887.7\n- DNA-80966 [Linux] Integrate a new key into our packages\n\nUpdate to version 63.0.3368.88\n\n- DNA-79103 Saving link to bookmarks saves it to Other \n  bookmarks folder\n- DNA-79455 Crash at views::MenuController::\n  FindNextSelectableMenuItem(views::MenuItemView*, int, views::\n  MenuController::SelectionIncrementDirectionType, bool)\n- DNA-79579 Continuous packages using \n  new_mac_bundle_structure do not run\n- DNA-79611 Update opauto_paths.py:GetResourcesDir\n- DNA-79621 Add support for new bundle structure to old \n  autoupdate clients\n- DNA-79906 Fix package build\n- DNA-80131 Sign Opera Helper(GPU).app\n- DNA-80191 Fix \n  opera_components/tracking_data/tracking_data_paths.cc\n- DNA-80638 Cherry-pick fix for CreditCardTest.\n  UpdateFromImportedCard_ExpiredVerifiedCardUpdatedWithSameName\n- DNA-80801 Very slow tab deletion process\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-2664","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2664-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2019:2664-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM/#ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:2664-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM/#ZV4EBHE5S72C7OSS4SLWOWLLE3VUTXBM"},{"category":"self","summary":"SUSE CVE CVE-2019-13720 page","url":"https://www.suse.com/security/cve/CVE-2019-13720/"},{"category":"self","summary":"SUSE CVE CVE-2019-13721 page","url":"https://www.suse.com/security/cve/CVE-2019-13721/"}],"title":"Security update for opera","tracking":{"current_release_date":"2019-12-10T07:30:16Z","generator":{"date":"2019-12-10T07:30:16Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:2664-1","initial_release_date":"2019-12-10T07:30:16Z","revision_history":[{"date":"2019-12-10T07:30:16Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"opera-65.0.3467.62-lp151.2.9.1.x86_64","product":{"name":"opera-65.0.3467.62-lp151.2.9.1.x86_64","product_id":"opera-65.0.3467.62-lp151.2.9.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.1 NonFree","product":{"name":"openSUSE Leap 15.1 NonFree","product_id":"openSUSE Leap 15.1 NonFree","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"opera-65.0.3467.62-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1 NonFree","product_id":"openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"},"product_reference":"opera-65.0.3467.62-lp151.2.9.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.1 NonFree"}]},"vulnerabilities":[{"cve":"CVE-2019-13720","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-13720"}],"notes":[{"category":"general","text":"Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-13720","url":"https://www.suse.com/security/cve/CVE-2019-13720"},{"category":"external","summary":"SUSE Bug 1155643 for CVE-2019-13720","url":"https://bugzilla.suse.com/1155643"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-12-10T07:30:16Z","details":"important"}],"title":"CVE-2019-13720"},{"cve":"CVE-2019-13721","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-13721"}],"notes":[{"category":"general","text":"Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-13721","url":"https://www.suse.com/security/cve/CVE-2019-13721"},{"category":"external","summary":"SUSE Bug 1155643 for CVE-2019-13721","url":"https://bugzilla.suse.com/1155643"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.1 NonFree:opera-65.0.3467.62-lp151.2.9.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-12-10T07:30:16Z","details":"important"}],"title":"CVE-2019-13721"}]}