Arch Linux: 2021-03-13 High: ASA-202103-8 Opera Code Execution
Mar 20, 2021
•
LinuxSecurity Advisories
2 - 3 min read
The package opera before version 74.0.3911.203-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-202103-8
========================================
Severity: High
Date : 2021-03-13
CVE-ID : CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152
CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157
Package : opera
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1586
Summary
======
The package opera before version 74.0.3911.203-1 is vulnerable to
arbitrary code execution.
Resolution
=========
Upgrade to 74.0.3911.203-1.
# pacman -Syu "opera>=74.0.3911.203-1"
The problems have been fixed upstream in version 74.0.3911.203.
Workaround
=========
None.
Description
==========
- CVE-2021-21149 (arbitrary code execution)
A stack overflow security issue was found in the Data Transfer
component of the Chromium browser before version 88.0.4324.182.
- CVE-2021-21150 (arbitrary code execution)
A use after free security issue was found in the Downloads component of
the Chromium browser before version 88.0.4324.182.
- CVE-2021-21151 (arbitrary code execution)
A use after free security issue was found in the Payments component of
the Chromium browser before version 88.0.4324.182.
- CVE-2021-21152 (arbitrary code execution)
A heap buffer overflow security issue was found in the Media component
of the Chromium browser before version 88.0.4324.182.
- CVE-2021-21153 (arbitrary code execution)
A stack overflow security issue was found in the GPU Process component
of the Chromium browser before version 88.0.4324.182.
- CVE-2021-21154 (arbitrary code execution)
A heap buffer overflow security issue was found in the Tab Strip
component of the Chromium browser before version 88.0.4324.182.
- CVE-2021-21155 (arbitrary code execution)
A heap buffer overflow security issue was found in the Tab Strip
component of the Chromium browser before version 88.0.4324.182.
- CVE-2021-21156 (arbitrary code execution)
A heap buffer overflow security issue was found in the V8 component of
the Chromium browser before version 88.0.4324.182.
- CVE-2021-21157 (arbitrary code execution)
A use after free security issue was found in the Web Sockets component
of the Chromium browser before version 88.0.4324.182.
Impact
=====
A remote attacker might be able to execute arbitrary code on the
affected host.
References
=========
https://blogs.opera.com/desktop/changelog-for-74/
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://security.archlinux.org/CVE-2021-21149
https://security.archlinux.org/CVE-2021-21150
https://security.archlinux.org/CVE-2021-21151
https://security.archlinux.org/CVE-2021-21152
https://security.archlinux.org/CVE-2021-21153
https://security.archlinux.org/CVE-2021-21154
https://security.archlinux.org/CVE-2021-21155
https://security.archlinux.org/CVE-2021-21156
https://security.archlinux.org/CVE-2021-21157
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!