OVAL Reference oval:org.opensuse.security:def:428

Oval Definition:

oval:org.opensuse.security:def:428

Revision Date:	2022-08-27	Version:	1
Title:	Security update for nim (Important)
Description:	This update for nim fixes the following issues: Includes upstream security fixes for: (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection * (boo#1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser * (boo#1175332, CVE-2020-15694) httpClient.get().contentLength() fails to properly validate the server response * (boo#1192712, CVE-2021-41259) null byte accepted in getContent function, leading to URI validation bypass * (boo#1185948, CVE-2021-29495) stdlib httpClient does not validate peer certificates by default * (boo#1185085, CVE-2021-21374) Improper verification of the SSL/TLS certificate * (boo#1185084, CVE-2021-21373) 'nimble refresh' falls back to a non-TLS URL in case of error * (boo#1185083, CVE-2021-21372) doCmd can be leveraged to execute arbitrary commands * (boo#1181705, CVE-2020-15690) Standard library asyncftpclient lacks a check for newline character Update to 1.6.6 standard library use consistent styles for variable names so it can be used in projects which force a consistent style with --styleCheck:usages option. * ARC/ORC are now considerably faster at method dispatching, bringing its performance back on the level of the refc memory management. * Full changelog: https://nim-lang.org/blog/2022/05/05/version-166-released.html - Previous updates and changelogs: * 1.6.4: https://nim-lang.org/blog/2022/02/08/version-164-released.html * 1.6.2: https://nim-lang.org/blog/2021/12/17/version-162-released.html * 1.6.0: https://nim-lang.org/blog/2021/10/19/version-160-released.html * 1.4.8: https://nim-lang.org/blog/2021/05/25/version-148-released.html * 1.4.6: https://nim-lang.org/blog/2021/04/15/versions-146-and-1212-released.html * 1.4.4: https://nim-lang.org/blog/2021/02/23/versions-144-and-1210-released.html * 1.4.2: https://nim-lang.org/blog/2020/12/01/version-142-released.html * 1.4.0: https://nim-lang.org/blog/2020/10/16/version-140-released.html update to 1.2.16 oids: switch from PRNG to random module * nimc.rst: fix table markup * nimRawSetjmp: support Windows * correctly enable chronos * bigints are not supposed to work on 1.2.x * disable nimpy * misc bugfixes * fixes a 'mixin' statement handling regression [backport:1.2
Family:	unix	Class:	patch
Status:		Reference(s):	1175332 1175333 1175334 1181705 1185083 1185084 1185085 1185948 1192712 CVE-2017-5838 CVE-2017-5838 CVE-2017-5847 CVE-2017-5847 CVE-2017-5848 CVE-2017-5848 CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 CVE-2021-29495 CVE-2021-41259 openSUSE-SU-2022:10101-1
Platform(s):	openSUSE 12.3 Update openSUSE 13.1 openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0	Product(s):
Definition Synopsis
openSUSE Leap 15.4 is installed AND nim-1.6.6-bp154.2.3.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND mailx-12.5-25 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information libgstgl-1_0-0-1.12.5-3.3.1 is installed OR libgstphotography-1_0-0-1.12.5-3.3.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information libgstgl-1_0-0-1.12.5-3.3 is installed OR libgstphotography-1_0-0-1.12.5-3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information ocaml-4.05.0-4 is installed OR ocaml-compiler-libs-4.05.0-4 is installed OR ocaml-compiler-libs-devel-4.05.0-4 is installed OR ocaml-rpm-macros-4.05.0-4 is installed OR ocaml-runtime-4.05.0-4 is installed

BACK