ArchLinux: 202112-2: opera: multiple issues
Summary
- CVE-2021-38005 (arbitrary code execution)
A use after free security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38006 (arbitrary code execution)
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38007 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38008 (arbitrary code execution)
A use after free security issue has been found in the media component
of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38009 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
cache component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38010 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
service workers component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38011 (arbitrary code execution)
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38012 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38013 (arbitrary code execution)
A heap buffer overflow security issue has been found in the fingerprint
recognition component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38014 (arbitrary code execution)
An out of bounds write security issue has been found in the Swiftshader
component of the Chromium browser engine before version 96.0.4664.45.
- CVE-2021-38015 (arbitrary code execution)
An inappropriate implementation security issue has been found in the
input component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38016 (access restriction bypass)
An insufficient policy enforcement security issue has been found in the
background fetch component of the Chromium browser engine before
version 96.0.4664.45.
- CVE-2021-38017 (sandbox escape)
An insufficient policy enforcement security issue has been found in the
iframe sandbox component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38018 (content spoofing)
An inappropriate implementation security issue has been found in the
navigation component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38019 (same-origin policy bypass)
An insufficient policy enforcement security issue has been found in the
CORS component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38020 (information disclosure)
An insufficient policy enforcement security issue has been found in the
contacts picker component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38021 (information disclosure)
An inappropriate implementation security issue has been found in the
referrer component of the Chromium browser engine before version
96.0.4664.45.
- CVE-2021-38022 (denial of service)
An inappropriate implementation security issue has been found in the
WebAuthentication component of the Chromium browser engine before
version 96.0.4664.45.
Resolution
Upgrade to 82.0.4227.23-1.
# pacman -Syu "opera>=82.0.4227.23-1"
The problems have been fixed upstream in version 82.0.4227.23.
References
https://blogs.opera.com/desktop/changelog-for-81/ https://blogs.opera.com/desktop/changelog-for-82/ https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2021-38005 https://security.archlinux.org/CVE-2021-38006 https://security.archlinux.org/CVE-2021-38007 https://security.archlinux.org/CVE-2021-38008 https://security.archlinux.org/CVE-2021-38009 https://security.archlinux.org/CVE-2021-38010 https://security.archlinux.org/CVE-2021-38011 https://security.archlinux.org/CVE-2021-38012 https://security.archlinux.org/CVE-2021-38013 https://security.archlinux.org/CVE-2021-38014 https://security.archlinux.org/CVE-2021-38015 https://security.archlinux.org/CVE-2021-38016 https://security.archlinux.org/CVE-2021-38017 https://security.archlinux.org/CVE-2021-38018 https://security.archlinux.org/CVE-2021-38019 https://security.archlinux.org/CVE-2021-38020 https://security.archlinux.org/CVE-2021-38021 https://security.archlinux.org/CVE-2021-38022
Workaround
None.