Oval Definition:	oval:org.opensuse.security:def:51190
Revision Date: 2021-03-24 Version: 1 Title: Security update for nghttp2 (Important) Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Family: unix Class: patch Status: Reference(s): 1015173 1050549 1051510 1061840 1065600 1065729 1071995 1082318 1085030 1088639 1088810 1103320 1105392 1111666 1112178 1112438 1112504 1114279 1118338 1119947 1120163 1125689 1133021 1133147 1134616 1140025 1140709 1142685 1144162 1146182 1146184 1149032 1152472 1152489 1153095 1153245 1153274 1154036 1154037 1154353 1154488 1154492 1155321 1155518 1156318 1156395 1157424 1157480 1157966 1158013 1159058 1159271 1160218 1160634 1160979 1161360 1161702 1161907 1162557 1162617 1162618 1162619 1162623 1162928 1162943 1163206 1163383 1163384 1163762 1163774 1163836 1163840 1163841 1163842 1163843 1163844 1163845 1163846 1163849 1163850 1163851 1163852 1163853 1163855 1163856 1163857 1163858 1163859 1163860 1163861 1163862 1163863 1163867 1163869 1163880 1163971 1164051 1164069 1164098 1164115 1164314 1164315 1164388 1164471 1164598 1164632 1164705 1164712 1164727 1164728 1164729 1164730 1164731 1164732 1164733 1164734 1164735 1165631 1167152 1167773 1168140 1168142 1168143 1169392 1169790 1171634 1171688 1172108 1172177 1172182 1172184 1172186 1172197 1172205 1172247 1172418 1172871 1172963 1173351 1173468 1173477 1173485 1173691 1173694 1173700 1173701 1173743 1173798 1173813 1173874 1173875 1173876 1173880 1173942 1173954 1174002 1174003 1174026 1174117 1174121 1174205 1174247 1174362 1174387 1174484 1174625 1174645 1174689 1174699 1174737 1174757 1174762 1174770 1174771 1174777 1174805 1174824 1174825 1174852 1174865 1174880 1174897 1174906 1174969 1175009 1175010 1175011 1175012 1175013 1175014 1175015 1175016 1175017 1175018 1175019 1175020 1175021 1175052 1175112 1175116 1175128 1175149 1175175 1175176 1175180 1175181 1175182 1175183 1175184 1175185 1175186 1175187 1175188 1175189 1175190 1175191 1175192 1175195 1175199 1175213 1175232 1175263 1175284 1175296 1175344 1175345 1175346 1175347 1175367 1175377 1175440 1175493 1175546 1175550 1175654 1175691 1175768 1175769 1175770 1175771 1175772 1175774 1175775 1175834 1175873 1176012 1176382 1176896 1181358 962914 964140 966514 CVE-2009-0186 CVE-2010-2800 CVE-2010-2801 CVE-2010-2891 CVE-2011-2696 CVE-2016-1544 CVE-2016-9918 CVE-2017-18922 CVE-2018-1000168 CVE-2018-16884 CVE-2018-21247 CVE-2019-12838 CVE-2019-16770 CVE-2019-17594 CVE-2019-17595 CVE-2019-20839 CVE-2019-20840 CVE-2019-5418 CVE-2019-5419 CVE-2019-5420 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8625 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-9511 CVE-2019-9513 CVE-2020-0431 CVE-2020-0543 CVE-2020-11076 CVE-2020-11077 CVE-2020-11080 CVE-2020-11668 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-13934 CVE-2020-13935 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14381 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-15169 CVE-2020-16166 CVE-2020-1749 CVE-2020-25212 CVE-2020-2732 CVE-2020-5247 CVE-2020-5249 CVE-2020-5267 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-8184 CVE-2020-8185 CVE-2020-8648 CVE-2020-8992 SUSE-SU-2019:0236-1 SUSE-SU-2019:0841-1 SUSE-SU-2019:2989-1 SUSE-SU-2019:2997-1 SUSE-SU-2019:3044-1 SUSE-SU-2020:0688-1 SUSE-SU-2020:1634-1 SUSE-SU-2020:1922-1 SUSE-SU-2020:2047-1 SUSE-SU-2020:2486-1 SUSE-SU-2020:3160-1 SUSE-SU-2020:3178-1 SUSE-SU-2021:0932-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SP2 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Realtime packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND ruby-1.8.7.p357-0.9.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information kdelibs4-4.3.5-0.14 is installed OR kdelibs4-core-4.3.5-0.14 is installed OR libkde4-4.3.5-0.14 is installed OR libkde4-32bit-4.3.5-0.14 is installed OR libkdecore4-4.3.5-0.14 is installed OR libkdecore4-32bit-4.3.5-0.14 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND libmspack0-0.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information gvim-7.4.326-2 is installed OR vim-7.4.326-2 is installed OR vim-data-7.4.326-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information lhasa-0.2.0-5 is installed OR liblhasa0-0.2.0-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information dhcp-4.3.3-9 is installed OR dhcp-client-4.3.3-9 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information bash-4.3-83.15 is installed OR bash-doc-4.3-83.15 is installed OR bash-lang-4.3-83.15 is installed OR libreadline6-6.3-83.15 is installed OR libreadline6-32bit-6.3-83.15 is installed OR readline-doc-6.3-83.15 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information bluez-5.48-5.13 is installed OR bluez-devel-5.48-5.13 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information typelib-1_0-JavaScriptCore-4_0-2.26.2-3.34 is installed OR typelib-1_0-WebKit2-4_0-2.26.2-3.34 is installed OR typelib-1_0-WebKit2WebExtension-4_0-2.26.2-3.34 is installed OR webkit2gtk3-2.26.2-3.34 is installed OR webkit2gtk3-devel-2.26.2-3.34 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information libpmi0-17.11.13-6.18 is installed OR libslurm32-17.11.13-6.18 is installed OR perl-slurm-17.11.13-6.18 is installed OR slurm-17.11.13-6.18 is installed OR slurm-auth-none-17.11.13-6.18 is installed OR slurm-config-17.11.13-6.18 is installed OR slurm-devel-17.11.13-6.18 is installed OR slurm-doc-17.11.13-6.18 is installed OR slurm-lua-17.11.13-6.18 is installed OR slurm-munge-17.11.13-6.18 is installed OR slurm-node-17.11.13-6.18 is installed OR slurm-pam_slurm-17.11.13-6.18 is installed OR slurm-plugins-17.11.13-6.18 is installed OR slurm-slurmdbd-17.11.13-6.18 is installed OR slurm-sql-17.11.13-6.18 is installed OR slurm-torque-17.11.13-6.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information libncurses5-6.1-5.6 is installed OR libncurses5-32bit-6.1-5.6 is installed OR ncurses-6.1-5.6 is installed OR ncurses5-devel-6.1-5.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.12 is installed OR reiserfs-kmp-default-5.3.18-24.12 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_6-default-7-2 is installed OR kernel-livepatch-SLE15_Update_2-7-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_51-default-2-2 is installed OR kernel-livepatch-SLE15-SP1_Update_14-2-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed AND Package Information cluster-md-kmp-rt-4.12.14-14.20 is installed OR dlm-kmp-rt-4.12.14-14.20 is installed OR gfs2-kmp-rt-4.12.14-14.20 is installed OR kernel-devel-rt-4.12.14-14.20 is installed OR kernel-rt-4.12.14-14.20 is installed OR kernel-rt-base-4.12.14-14.20 is installed OR kernel-rt-devel-4.12.14-14.20 is installed OR kernel-rt_debug-4.12.14-14.20 is installed OR kernel-rt_debug-devel-4.12.14-14.20 is installed OR kernel-source-rt-4.12.14-14.20 is installed OR kernel-syms-rt-4.12.14-14.20 is installed OR ocfs2-kmp-rt-4.12.14-14.20 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information rmt-server-2.6.5-3.18 is installed OR rmt-server-config-2.6.5-3.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND Package Information tomcat-9.0.36-3.6 is installed OR tomcat-admin-webapps-9.0.36-3.6 is installed OR tomcat-el-3_0-api-9.0.36-3.6 is installed OR tomcat-jsp-2_3-api-9.0.36-3.6 is installed OR tomcat-lib-9.0.36-3.6 is installed OR tomcat-servlet-4_0-api-9.0.36-3.6 is installed OR tomcat-webapps-9.0.36-3.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information apache-commons-beanutils-1.9.2-1 is installed OR apache-commons-beanutils-javadoc-1.9.2-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information xorg-x11-server-7.6_1.15.2-53.3 is installed OR xorg-x11-server-extra-7.6_1.15.2-53.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information jakarta-commons-fileupload-1.1.1-120 is installed OR jakarta-commons-fileupload-javadoc-1.1.1-120 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libdcerpc-binding0-4.4.2-38.20 is installed OR libdcerpc-binding0-32bit-4.4.2-38.20 is installed OR libdcerpc0-4.4.2-38.20 is installed OR libdcerpc0-32bit-4.4.2-38.20 is installed OR libndr-krb5pac0-4.4.2-38.20 is installed OR libndr-krb5pac0-32bit-4.4.2-38.20 is installed OR libndr-nbt0-4.4.2-38.20 is installed OR libndr-nbt0-32bit-4.4.2-38.20 is installed OR libndr-standard0-4.4.2-38.20 is installed OR libndr-standard0-32bit-4.4.2-38.20 is installed OR libndr0-4.4.2-38.20 is installed OR libndr0-32bit-4.4.2-38.20 is installed OR libnetapi0-4.4.2-38.20 is installed OR libnetapi0-32bit-4.4.2-38.20 is installed OR libsamba-credentials0-4.4.2-38.20 is installed OR libsamba-credentials0-32bit-4.4.2-38.20 is installed OR libsamba-errors0-4.4.2-38.20 is installed OR libsamba-errors0-32bit-4.4.2-38.20 is installed OR libsamba-hostconfig0-4.4.2-38.20 is installed OR libsamba-hostconfig0-32bit-4.4.2-38.20 is installed OR libsamba-passdb0-4.4.2-38.20 is installed OR libsamba-passdb0-32bit-4.4.2-38.20 is installed OR libsamba-util0-4.4.2-38.20 is installed OR libsamba-util0-32bit-4.4.2-38.20 is installed OR libsamdb0-4.4.2-38.20 is installed OR libsamdb0-32bit-4.4.2-38.20 is installed OR libsmbclient0-4.4.2-38.20 is installed OR libsmbclient0-32bit-4.4.2-38.20 is installed OR libsmbconf0-4.4.2-38.20 is installed OR libsmbconf0-32bit-4.4.2-38.20 is installed OR libsmbldap0-4.4.2-38.20 is installed OR libsmbldap0-32bit-4.4.2-38.20 is installed OR libtevent-util0-4.4.2-38.20 is installed OR libtevent-util0-32bit-4.4.2-38.20 is installed OR libwbclient0-4.4.2-38.20 is installed OR libwbclient0-32bit-4.4.2-38.20 is installed OR samba-4.4.2-38.20 is installed OR samba-client-4.4.2-38.20 is installed OR samba-client-32bit-4.4.2-38.20 is installed OR samba-doc-4.4.2-38.20 is installed OR samba-libs-4.4.2-38.20 is installed OR samba-libs-32bit-4.4.2-38.20 is installed OR samba-winbind-4.4.2-38.20 is installed OR samba-winbind-32bit-4.4.2-38.20 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_95-default-2-2 is installed OR kgraft-patch-SLE12-SP2_Update_25-2-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_35-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_12-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information bind-9.9.9P1-62 is installed OR bind-chrootenv-9.9.9P1-62 is installed OR bind-doc-9.9.9P1-62 is installed OR bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information ghostscript-9.27-23.28 is installed OR ghostscript-x11-9.27-23.28 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_176-94_88-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_24-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libprocps3-3.3.9-11.14 is installed OR procps-3.3.9-11.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-38.8 is installed OR aaa_base-extras-13.2+git20140911.61c1681-38.8 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed AND libnghttp2-14-1.39.2-3.5.1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information xen-4.10.4_10-3.31 is installed OR xen-devel-4.10.4_10-3.31 is installed OR xen-libs-4.10.4_10-3.31 is installed OR xen-tools-4.10.4_10-3.31 is installed OR xen-tools-domU-4.10.4_10-3.31 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.22 is installed OR libvncclient0-0.9.10-4.22 is installed OR libvncserver0-0.9.10-4.22 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ucode-intel-20180312-13.17 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND nodejs6-6.14.1-11.12 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information MozillaFirefox-68.1.0-109.89 is installed OR MozillaFirefox-branding-SLE-68-32.8 is installed OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
BACK