Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10130-1 Final 1 1 2022-09-26T16:01:33Z current 2022-09-26T16:01:33Z 2022-09-26T16:01:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to 91.0.4516.20 - CHR-9019 Update chromium on desktop-stable-105-4516 to 105.0.5195.127 - DNA-101312 Allow changing logged in user with BrowserAPI - The update to chromium 105.0.5195.127 fixes following issues: CVE-2022-3196, CVE-2022-3197, CVE-2022-3198, CVE-2022-3199, CVE-2022-3200, CVE-2022-3201 Update to 91.0.4516.16 - CHR-9010 Update chromium on desktop-stable-105-4516 to 105.0.5195.102 - DNA-101447 Incorrect translation in Russian - DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider() - DNA-101495 Performance Stint 2022 - DNA-101551 Add version number info to browser API - DNA-101662 Suppress 'Allowing special test code paths' warning on buildbot - DNA-101753 News don't show after close browser - DNA-101760 Translations for O91 - DNA-101799 Crash at opera::SuggestionList::SortAndCull - DNA-101812 Sponsored site gets chosen as default entry when typing part of top-level domain - DNA-101876 Promote 91 to stable - Complete Opera 91.0 changelog at: https://blogs.opera.com/desktop/changelog-for-91/ Update to 90.0.4480.107 - DNA-100664 Shopping corner widget - DNA-101495 Performance Stint 2022 - DNA-101753 News don’t show after close browser - DNA-101799 Crash at opera::SuggestionList::SortAndCull The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10130 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ E-Mail link for openSUSE-SU-2022:10130-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-3196/ SUSE CVE CVE-2022-3196 page https://www.suse.com/security/cve/CVE-2022-3197/ SUSE CVE CVE-2022-3197 page https://www.suse.com/security/cve/CVE-2022-3198/ SUSE CVE CVE-2022-3198 page https://www.suse.com/security/cve/CVE-2022-3199/ SUSE CVE CVE-2022-3199 page https://www.suse.com/security/cve/CVE-2022-3200/ SUSE CVE CVE-2022-3200 page https://www.suse.com/security/cve/CVE-2022-3201/ SUSE CVE CVE-2022-3201 page openSUSE Leap 15.3 NonFree opera-91.0.4516.20-lp153.2.63.1 opera-91.0.4516.20-lp153.2.63.1 as a component of openSUSE Leap 15.3 NonFree Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE-2022-3196 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3196.html CVE-2022-3196 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE-2022-3197 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3197.html CVE-2022-3197 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) CVE-2022-3198 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3198.html CVE-2022-3198 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3199 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3199.html CVE-2022-3199 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3200 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3200.html CVE-2022-3200 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) CVE-2022-3201 openSUSE Leap 15.3 NonFree:opera-91.0.4516.20-lp153.2.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUZNZHWADYF3EJBJQAVXRVSPIDAPGDJ7/ https://www.suse.com/security/cve/CVE-2022-3201.html CVE-2022-3201 https://bugzilla.suse.com/1203419 SUSE Bug 1203419 https://bugzilla.suse.com/1203808 SUSE Bug 1203808