ASA-202110-8 log generated external raw

[ASA-202110-8] opera: multiple issues
Arch Linux Security Advisory ASA-202110-8 ========================================= Severity: High Date : 2021-10-29 CVE-ID : CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 Package : opera Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2444 Summary ======= The package opera before version 80.0.4170.63-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape. Resolution ========== Upgrade to 80.0.4170.63-1. # pacman -Syu "opera>=80.0.4170.63-1" The problems have been fixed upstream in version 80.0.4170.63. Workaround ========== None. Description =========== - CVE-2021-37977 (arbitrary code execution) A use after free security issue has been found in the Garbage Collection component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37978 (arbitrary code execution) A heap buffer overflow security issue has been found in the Blink component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37979 (arbitrary code execution) A heap buffer overflow security issue has been found in the WebRTC component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37980 (sandbox escape) An inappropriate implementation security issue has been found in the Sandbox component of the Chromium browser engine before version 94.0.4606.81. Impact ====== A remote attacker could execute arbitrary code or disclose sensitive information through crafted web content. References ========== https://blogs.opera.com/desktop/changelog-for-80/ https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html https://crbug.com/1252878 https://crbug.com/1236318 https://crbug.com/1247260 https://crbug.com/1254631 https://security.archlinux.org/CVE-2021-37977 https://security.archlinux.org/CVE-2021-37978 https://security.archlinux.org/CVE-2021-37979 https://security.archlinux.org/CVE-2021-37980

[ASA-202110-8] opera: multiple issues

Arch Linux Security Advisory ASA-202110-8 ========================================= Severity: High Date : 2021-10-29 CVE-ID : CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 Package : opera Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2444 Summary ======= The package opera before version 80.0.4170.63-1 is vulnerable to multiple issues including arbitrary code execution and sandbox escape. Resolution ========== Upgrade to 80.0.4170.63-1. # pacman -Syu "opera>=80.0.4170.63-1" The problems have been fixed upstream in version 80.0.4170.63. Workaround ========== None. Description =========== - CVE-2021-37977 (arbitrary code execution) A use after free security issue has been found in the Garbage Collection component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37978 (arbitrary code execution) A heap buffer overflow security issue has been found in the Blink component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37979 (arbitrary code execution) A heap buffer overflow security issue has been found in the WebRTC component of the Chromium browser engine before version 94.0.4606.81. - CVE-2021-37980 (sandbox escape) An inappropriate implementation security issue has been found in the Sandbox component of the Chromium browser engine before version 94.0.4606.81. Impact ====== A remote attacker could execute arbitrary code or disclose sensitive information through crafted web content. References ========== https://blogs.opera.com/desktop/changelog-for-80/ https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html https://crbug.com/1252878 https://crbug.com/1236318 https://crbug.com/1247260 https://crbug.com/1254631 https://security.archlinux.org/CVE-2021-37977 https://security.archlinux.org/CVE-2021-37978 https://security.archlinux.org/CVE-2021-37979 https://security.archlinux.org/CVE-2021-37980