ArchLinux: 202102-5: opera: multiple issues
Summary
- CVE-2020-16044 (arbitrary code execution)
A security issue was found in Firefox before 84.0.2, Thunderbird before
78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have
modified a COOKIE-ECHO chunk in an SCTP packet in a way that
potentially resulted in a use-after-free. Mozilla presumes that with
enough effort it could have been exploited to run arbitrary code.
- CVE-2021-21117 (insufficient validation)
An insufficient policy enforcement security issue was found in the
Cryptohome component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21118 (insufficient validation)
An insufficient data validation security issue was found in the V8
component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21119 (arbitrary code execution)
A use after free security issue was found in the Media component of the
Chromium browser before version 88.0.4324.96.
- CVE-2021-21120 (arbitrary code execution)
A use after free security issue was found in the WebSQL component of
the Chromium browser before version 88.0.4324.96.
- CVE-2021-21121 (arbitrary code execution)
A use after free security issue was found in the Omnibox component of
the Chromium browser before version 88.0.4324.96.
- CVE-2021-21122 (arbitrary code execution)
A use after free security issue was found in the Blink component of the
Chromium browser before version 88.0.4324.96.
- CVE-2021-21123 (insufficient validation)
An insufficient data validation security issue was found in the File
System component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21124 (arbitrary code execution)
A potential use after free security issue was found in the Speech
Recognizer component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21125 (insufficient validation)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21126 (insufficient validation)
An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21127 (insufficient validation)
An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21128 (arbitrary code execution)
A heap buffer overflow security issue was found in the Blink component
of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21129 (insufficient validation)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21130 (insufficient validation)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21131 (insufficient validation)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21132 (incorrect calculation)
An inappropriate implementation security issue was found in the
DevTools component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21133 (insufficient validation)
An insufficient policy enforcement security issue was found in the
Downloads component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21134 (content spoofing)
An incorrect security UI security issue was found in the Page Info
component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21135 (incorrect calculation)
An inappropriate implementation security issue was found in the
Performance API component of the Chromium browser before version
88.0.4324.96.
- CVE-2021-21136 (insufficient validation)
An insufficient policy enforcement security issue was found in the
WebView component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21137 (incorrect calculation)
An inappropriate implementation security issue was found in the
DevTools component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21138 (arbitrary code execution)
A use after free security issue was found in the DevTools component of
the Chromium browser before version 88.0.4324.96.
- CVE-2021-21139 (incorrect calculation)
An inappropriate implementation security issue was found in the iframe
sandbox component of the Chromium browser before version 88.0.4324.96.
- CVE-2021-21140 (arbitrary code execution)
An uninitialized use security issue was found in the USB component of
the Chromium browser before version 88.0.4324.96.
- CVE-2021-21141 (insufficient validation)
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
88.0.4324.96.
Resolution
Upgrade to 74.0.3911.75-1.
# pacman -Syu "opera>=74.0.3911.75-1"
The problems have been fixed upstream in version 74.0.3911.75.
References
https://blogs.opera.com/desktop/2021/02/opera-74-stable/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044 https://bugzilla.mozilla.org/show_bug.cgi?id=1683964 https://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead https://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7 https://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2020-16044 https://security.archlinux.org/CVE-2021-21117 https://security.archlinux.org/CVE-2021-21118 https://security.archlinux.org/CVE-2021-21119 https://security.archlinux.org/CVE-2021-21120 https://security.archlinux.org/CVE-2021-21121 https://security.archlinux.org/CVE-2021-21122 https://security.archlinux.org/CVE-2021-21123 https://security.archlinux.org/CVE-2021-21124 https://security.archlinux.org/CVE-2021-21125 https://security.archlinux.org/CVE-2021-21126 https://security.archlinux.org/CVE-2021-21127 https://security.archlinux.org/CVE-2021-21128 https://security.archlinux.org/CVE-2021-21129 https://security.archlinux.org/CVE-2021-21130 https://security.archlinux.org/CVE-2021-21131 https://security.archlinux.org/CVE-2021-21132 https://security.archlinux.org/CVE-2021-21133 https://security.archlinux.org/CVE-2021-21134 https://security.archlinux.org/CVE-2021-21135 https://security.archlinux.org/CVE-2021-21136 https://security.archlinux.org/CVE-2021-21137 https://security.archlinux.org/CVE-2021-21138 https://security.archlinux.org/CVE-2021-21139 https://security.archlinux.org/CVE-2021-21140 https://security.archlinux.org/CVE-2021-21141
Workaround
None.