| Revision Date: | 2021-03-24 | Version: | 1 |
| Title: | Security update for nghttp2 (Important) |
| Description: |
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
- Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1015173
1050549
1051510
1061840
1065600
1065729
1071995
1082318
1085030
1088639
1088810
1103320
1105392
1111666
1112178
1112438
1112504
1114279
1118338
1119947
1120163
1125689
1133021
1133147
1134616
1140025
1140709
1142685
1144162
1146182
1146184
1149032
1152472
1152489
1153095
1153245
1153274
1154036
1154037
1154353
1154488
1154492
1155321
1155518
1156318
1156395
1157424
1157480
1157966
1158013
1159058
1159271
1160218
1160634
1160979
1161360
1161702
1161907
1162557
1162617
1162618
1162619
1162623
1162928
1162943
1163206
1163383
1163384
1163762
1163774
1163836
1163840
1163841
1163842
1163843
1163844
1163845
1163846
1163849
1163850
1163851
1163852
1163853
1163855
1163856
1163857
1163858
1163859
1163860
1163861
1163862
1163863
1163867
1163869
1163880
1163971
1164051
1164069
1164098
1164115
1164314
1164315
1164388
1164471
1164598
1164632
1164705
1164712
1164727
1164728
1164729
1164730
1164731
1164732
1164733
1164734
1164735
1165631
1167152
1167773
1168140
1168142
1168143
1169392
1169790
1171634
1171688
1172108
1172177
1172182
1172184
1172186
1172197
1172205
1172247
1172418
1172871
1172963
1173351
1173468
1173477
1173485
1173691
1173694
1173700
1173701
1173743
1173798
1173813
1173874
1173875
1173876
1173880
1173942
1173954
1174002
1174003
1174026
1174117
1174121
1174205
1174247
1174362
1174387
1174484
1174625
1174645
1174689
1174699
1174737
1174757
1174762
1174770
1174771
1174777
1174805
1174824
1174825
1174852
1174865
1174880
1174897
1174906
1174969
1175009
1175010
1175011
1175012
1175013
1175014
1175015
1175016
1175017
1175018
1175019
1175020
1175021
1175052
1175112
1175116
1175128
1175149
1175175
1175176
1175180
1175181
1175182
1175183
1175184
1175185
1175186
1175187
1175188
1175189
1175190
1175191
1175192
1175195
1175199
1175213
1175232
1175263
1175284
1175296
1175344
1175345
1175346
1175347
1175367
1175377
1175440
1175493
1175546
1175550
1175654
1175691
1175768
1175769
1175770
1175771
1175772
1175774
1175775
1175834
1175873
1176012
1176382
1176896
1181358
962914
964140
966514
CVE-2009-0186
CVE-2010-2800
CVE-2010-2801
CVE-2010-2891
CVE-2011-2696
CVE-2016-1544
CVE-2016-9918
CVE-2017-18922
CVE-2018-1000168
CVE-2018-16884
CVE-2018-21247
CVE-2019-12838
CVE-2019-16770
CVE-2019-17594
CVE-2019-17595
CVE-2019-20839
CVE-2019-20840
CVE-2019-5418
CVE-2019-5419
CVE-2019-5420
CVE-2019-8551
CVE-2019-8558
CVE-2019-8559
CVE-2019-8563
CVE-2019-8625
CVE-2019-8674
CVE-2019-8681
CVE-2019-8684
CVE-2019-8686
CVE-2019-8687
CVE-2019-8688
CVE-2019-8689
CVE-2019-8690
CVE-2019-8707
CVE-2019-8710
CVE-2019-8719
CVE-2019-8720
CVE-2019-8726
CVE-2019-8733
CVE-2019-8735
CVE-2019-8743
CVE-2019-8763
CVE-2019-8764
CVE-2019-8765
CVE-2019-8766
CVE-2019-8768
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8821
CVE-2019-8822
CVE-2019-8823
CVE-2019-9511
CVE-2019-9513
CVE-2020-0431
CVE-2020-0543
CVE-2020-11076
CVE-2020-11077
CVE-2020-11080
CVE-2020-11668
CVE-2020-11739
CVE-2020-11740
CVE-2020-11741
CVE-2020-11742
CVE-2020-11743
CVE-2020-13934
CVE-2020-13935
CVE-2020-14314
CVE-2020-14331
CVE-2020-14356
CVE-2020-14381
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-15169
CVE-2020-16166
CVE-2020-1749
CVE-2020-25212
CVE-2020-2732
CVE-2020-5247
CVE-2020-5249
CVE-2020-5267
CVE-2020-8164
CVE-2020-8165
CVE-2020-8166
CVE-2020-8167
CVE-2020-8184
CVE-2020-8185
CVE-2020-8648
CVE-2020-8992
SUSE-SU-2019:0236-1
SUSE-SU-2019:0841-1
SUSE-SU-2019:2989-1
SUSE-SU-2019:2997-1
SUSE-SU-2019:3044-1
SUSE-SU-2020:0688-1
SUSE-SU-2020:1634-1
SUSE-SU-2020:1922-1
SUSE-SU-2020:2047-1
SUSE-SU-2020:2486-1
SUSE-SU-2020:3160-1
SUSE-SU-2020:3178-1
SUSE-SU-2021:0932-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for High Performance Computing 15
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Legacy Software 15 SP2
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Realtime packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP2 is installed AND ruby-1.8.7.p357-0.9.13 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
kdelibs4-4.3.5-0.14 is installed
OR kdelibs4-core-4.3.5-0.14 is installed
OR libkde4-4.3.5-0.14 is installed
OR libkde4-32bit-4.3.5-0.14 is installed
OR libkdecore4-4.3.5-0.14 is installed
OR libkdecore4-32bit-4.3.5-0.14 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 is installed
AND libmspack0-0.4-3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
gvim-7.4.326-2 is installed
OR vim-7.4.326-2 is installed
OR vim-data-7.4.326-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
lhasa-0.2.0-5 is installed
OR liblhasa0-0.2.0-5 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
dhcp-4.3.3-9 is installed
OR dhcp-client-4.3.3-9 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
bash-4.3-83.15 is installed
OR bash-doc-4.3-83.15 is installed
OR bash-lang-4.3-83.15 is installed
OR libreadline6-6.3-83.15 is installed
OR libreadline6-32bit-6.3-83.15 is installed
OR readline-doc-6.3-83.15 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Desktop Applications 15 is installed
AND Package Information
bluez-5.48-5.13 is installed
OR bluez-devel-5.48-5.13 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
AND Package Information
typelib-1_0-JavaScriptCore-4_0-2.26.2-3.34 is installed
OR typelib-1_0-WebKit2-4_0-2.26.2-3.34 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.26.2-3.34 is installed
OR webkit2gtk3-2.26.2-3.34 is installed
OR webkit2gtk3-devel-2.26.2-3.34 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for High Performance Computing 15 is installed
AND Package Information
libpmi0-17.11.13-6.18 is installed
OR libslurm32-17.11.13-6.18 is installed
OR perl-slurm-17.11.13-6.18 is installed
OR slurm-17.11.13-6.18 is installed
OR slurm-auth-none-17.11.13-6.18 is installed
OR slurm-config-17.11.13-6.18 is installed
OR slurm-devel-17.11.13-6.18 is installed
OR slurm-doc-17.11.13-6.18 is installed
OR slurm-lua-17.11.13-6.18 is installed
OR slurm-munge-17.11.13-6.18 is installed
OR slurm-node-17.11.13-6.18 is installed
OR slurm-pam_slurm-17.11.13-6.18 is installed
OR slurm-plugins-17.11.13-6.18 is installed
OR slurm-slurmdbd-17.11.13-6.18 is installed
OR slurm-sql-17.11.13-6.18 is installed
OR slurm-torque-17.11.13-6.18 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
AND Package Information
libncurses5-6.1-5.6 is installed
OR libncurses5-32bit-6.1-5.6 is installed
OR ncurses-6.1-5.6 is installed
OR ncurses5-devel-6.1-5.6 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed
AND Package Information
kernel-default-5.3.18-24.12 is installed
OR reiserfs-kmp-default-5.3.18-24.12 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-livepatch-4_12_14-25_6-default-7-2 is installed
OR kernel-livepatch-SLE15_Update_2-7-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
AND Package Information
kernel-livepatch-4_12_14-197_51-default-2-2 is installed
OR kernel-livepatch-SLE15-SP1_Update_14-2-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed
AND Package Information
cluster-md-kmp-rt-4.12.14-14.20 is installed
OR dlm-kmp-rt-4.12.14-14.20 is installed
OR gfs2-kmp-rt-4.12.14-14.20 is installed
OR kernel-devel-rt-4.12.14-14.20 is installed
OR kernel-rt-4.12.14-14.20 is installed
OR kernel-rt-base-4.12.14-14.20 is installed
OR kernel-rt-devel-4.12.14-14.20 is installed
OR kernel-rt_debug-4.12.14-14.20 is installed
OR kernel-rt_debug-devel-4.12.14-14.20 is installed
OR kernel-source-rt-4.12.14-14.20 is installed
OR kernel-syms-rt-4.12.14-14.20 is installed
OR ocfs2-kmp-rt-4.12.14-14.20 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
AND Package Information
rmt-server-2.6.5-3.18 is installed
OR rmt-server-config-2.6.5-3.18 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
AND Package Information
tomcat-9.0.36-3.6 is installed
OR tomcat-admin-webapps-9.0.36-3.6 is installed
OR tomcat-el-3_0-api-9.0.36-3.6 is installed
OR tomcat-jsp-2_3-api-9.0.36-3.6 is installed
OR tomcat-lib-9.0.36-3.6 is installed
OR tomcat-servlet-4_0-api-9.0.36-3.6 is installed
OR tomcat-webapps-9.0.36-3.6 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
apache-commons-beanutils-1.9.2-1 is installed
OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
xorg-x11-server-7.6_1.15.2-53.3 is installed
OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
jakarta-commons-fileupload-1.1.1-120 is installed
OR jakarta-commons-fileupload-javadoc-1.1.1-120 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libdcerpc-binding0-4.4.2-38.20 is installed
OR libdcerpc-binding0-32bit-4.4.2-38.20 is installed
OR libdcerpc0-4.4.2-38.20 is installed
OR libdcerpc0-32bit-4.4.2-38.20 is installed
OR libndr-krb5pac0-4.4.2-38.20 is installed
OR libndr-krb5pac0-32bit-4.4.2-38.20 is installed
OR libndr-nbt0-4.4.2-38.20 is installed
OR libndr-nbt0-32bit-4.4.2-38.20 is installed
OR libndr-standard0-4.4.2-38.20 is installed
OR libndr-standard0-32bit-4.4.2-38.20 is installed
OR libndr0-4.4.2-38.20 is installed
OR libndr0-32bit-4.4.2-38.20 is installed
OR libnetapi0-4.4.2-38.20 is installed
OR libnetapi0-32bit-4.4.2-38.20 is installed
OR libsamba-credentials0-4.4.2-38.20 is installed
OR libsamba-credentials0-32bit-4.4.2-38.20 is installed
OR libsamba-errors0-4.4.2-38.20 is installed
OR libsamba-errors0-32bit-4.4.2-38.20 is installed
OR libsamba-hostconfig0-4.4.2-38.20 is installed
OR libsamba-hostconfig0-32bit-4.4.2-38.20 is installed
OR libsamba-passdb0-4.4.2-38.20 is installed
OR libsamba-passdb0-32bit-4.4.2-38.20 is installed
OR libsamba-util0-4.4.2-38.20 is installed
OR libsamba-util0-32bit-4.4.2-38.20 is installed
OR libsamdb0-4.4.2-38.20 is installed
OR libsamdb0-32bit-4.4.2-38.20 is installed
OR libsmbclient0-4.4.2-38.20 is installed
OR libsmbclient0-32bit-4.4.2-38.20 is installed
OR libsmbconf0-4.4.2-38.20 is installed
OR libsmbconf0-32bit-4.4.2-38.20 is installed
OR libsmbldap0-4.4.2-38.20 is installed
OR libsmbldap0-32bit-4.4.2-38.20 is installed
OR libtevent-util0-4.4.2-38.20 is installed
OR libtevent-util0-32bit-4.4.2-38.20 is installed
OR libwbclient0-4.4.2-38.20 is installed
OR libwbclient0-32bit-4.4.2-38.20 is installed
OR samba-4.4.2-38.20 is installed
OR samba-client-4.4.2-38.20 is installed
OR samba-client-32bit-4.4.2-38.20 is installed
OR samba-doc-4.4.2-38.20 is installed
OR samba-libs-4.4.2-38.20 is installed
OR samba-libs-32bit-4.4.2-38.20 is installed
OR samba-winbind-4.4.2-38.20 is installed
OR samba-winbind-32bit-4.4.2-38.20 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
kgraft-patch-4_4_121-92_95-default-2-2 is installed
OR kgraft-patch-SLE12-SP2_Update_25-2-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_35-default-11-2 is installed
OR kgraft-patch-SLE12-SP2_Update_12-11-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
bind-9.9.9P1-62 is installed
OR bind-chrootenv-9.9.9P1-62 is installed
OR bind-doc-9.9.9P1-62 is installed
OR bind-libs-9.9.9P1-62 is installed
OR bind-libs-32bit-9.9.9P1-62 is installed
OR bind-utils-9.9.9P1-62 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
ghostscript-9.27-23.28 is installed
OR ghostscript-x11-9.27-23.28 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_176-94_88-default-4-2 is installed
OR kgraft-patch-SLE12-SP3_Update_24-4-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
java-1_8_0-openjdk-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
libprocps3-3.3.9-11.14 is installed
OR procps-3.3.9-11.14 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
aaa_base-13.2+git20140911.61c1681-38.8 is installed
OR aaa_base-extras-13.2+git20140911.61c1681-38.8 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
AND libnghttp2-14-1.39.2-3.5.1 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server for SAP Applications 15 is installed
AND Package Information
xen-4.10.4_10-3.31 is installed
OR xen-devel-4.10.4_10-3.31 is installed
OR xen-libs-4.10.4_10-3.31 is installed
OR xen-tools-4.10.4_10-3.31 is installed
OR xen-tools-domU-4.10.4_10-3.31 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
AND Package Information
LibVNCServer-0.9.10-4.22 is installed
OR libvncclient0-0.9.10-4.22 is installed
OR libvncserver0-0.9.10-4.22 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 6 is installed
AND ucode-intel-20180312-13.17 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 7 is installed
AND nodejs6-6.14.1-11.12 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 8 is installed
AND Package Information
perl-5.18.2-12.20 is installed
OR perl-32bit-5.18.2-12.20 is installed
OR perl-base-5.18.2-12.20 is installed
OR perl-doc-5.18.2-12.20 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
MozillaFirefox-68.1.0-109.89 is installed
OR MozillaFirefox-branding-SLE-68-32.8 is installed
OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
|