Oval Definition:	oval:org.opensuse.security:def:51759
Revision Date: 2021-03-24 Version: 1 Title: Security update for nghttp2 (Important) Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Family: unix Class: patch Status: Reference(s): 1046299 1046303 1046305 1050244 1050536 1050545 1051510 1055186 1061840 1064802 1065600 1066129 1073513 1079730 1082318 1082635 1083647 1086323 1087092 1088639 1089644 1090631 1093205 1094289 1096254 1097583 1097584 1097585 1097586 1097587 1097588 1098291 1098403 1101674 1108606 1109158 1111025 1112438 1114279 1115717 1117665 1119461 1119465 1119991 1121626 1123034 1123080 1125113 1125689 1126088 1132666 1133140 1134303 1134616 1135642 1135854 1135855 1135873 1135966 1135967 1136035 1137040 1137799 1138190 1139073 1140090 1140729 1140845 1140883 1141600 1142635 1142667 1143706 1143794 1144087 1144338 1144375 1144449 1144903 1145099 1145379 1145427 1145436 1145774 1146182 1146184 1146612 1146873 1148410 1149119 1149811 1150452 1150457 1150465 1150875 1151508 1152506 1152624 1152685 1152788 1152791 1153112 1153158 1153236 1153263 1153476 1153509 1153646 1153713 1153717 1153718 1153719 1153811 1153969 1154108 1154189 1154354 1154372 1154578 1154607 1154608 1154610 1154611 1154651 1154737 1154747 1154848 1154858 1154905 1155178 1155179 1155184 1155186 1155217 1155671 1160460 1164390 1171456 1171457 1171458 1176590 1181358 962914 964140 966514 CVE-2004-2771 CVE-2009-0946 CVE-2010-2497 CVE-2010-2522 CVE-2010-2523 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2013-0176 CVE-2013-2126 CVE-2013-2127 CVE-2014-0017 CVE-2014-0172 CVE-2014-2240 CVE-2014-7844 CVE-2014-8132 CVE-2014-8962 CVE-2014-9028 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2015-3146 CVE-2016-0739 CVE-2016-1544 CVE-2018-0739 CVE-2018-1000168 CVE-2018-12207 CVE-2018-17000 CVE-2018-19210 CVE-2018-20126 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-12068 CVE-2019-12269 CVE-2019-14378 CVE-2019-15890 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16995 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18466 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-6128 CVE-2019-7663 CVE-2019-9511 CVE-2019-9513 CVE-2020-10957 CVE-2020-10958 CVE-2020-10967 CVE-2020-11080 CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 SUSE-SU-2018:2072-1 SUSE-SU-2019:0786-1 SUSE-SU-2019:1576-1 SUSE-SU-2019:2020-1 SUSE-SU-2019:2955-1 SUSE-SU-2020:0697-1 SUSE-SU-2020:1379-1 SUSE-SU-2020:2770-1 SUSE-SU-2021:0932-1 Platform(s): openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Public Cloud 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libFLAC++6-1.3.2-lp150.1 is installed OR libFLAC8-1.3.2-lp150.1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information augeas-0.9.0-3.17 is installed OR libaugeas0-0.9.0-3.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND LibVNCServer-0.9.1-156 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information elfutils-0.158-3 is installed OR libasm1-0.158-3 is installed OR libdw1-0.158-3 is installed OR libdw1-32bit-0.158-3 is installed OR libebl1-0.158-3 is installed OR libebl1-32bit-0.158-3 is installed OR libelf1-0.158-3 is installed OR libelf1-32bit-0.158-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libFLAC8-1.3.0-6 is installed OR libFLAC8-32bit-1.3.0-6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND ft2demos-2.6.3-7.8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information gnome-keyring-3.20.0-27 is installed OR gnome-keyring-32bit-3.20.0-27 is installed OR gnome-keyring-lang-3.20.0-27 is installed OR gnome-keyring-pam-3.20.0-27 is installed OR gnome-keyring-pam-32bit-3.20.0-27 is installed OR libgck-modules-gnome-keyring-3.20.0-27 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cpio-2.11-36.3 is installed OR cpio-lang-2.11-36.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information kernel-default-4.12.14-150.41 is installed OR kernel-default-base-4.12.14-150.41 is installed OR kernel-docs-4.12.14-150.41 is installed OR kernel-docs-html-4.12.14-150.41 is installed OR kernel-obs-qa-4.12.14-150.41 is installed OR kselftests-kmp-default-4.12.14-150.41 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed AND Package Information cni-0.7.1-3.3 is installed OR cni-plugins-0.8.4-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information ovmf-2017+git1510945757.b2662641d5-5.3 is installed OR ovmf-tools-2017+git1510945757.b2662641d5-5.3 is installed OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.3 is installed OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information qemu-3.1.1.1-9.6 is installed OR qemu-arm-3.1.1.1-9.6 is installed OR qemu-audio-alsa-3.1.1.1-9.6 is installed OR qemu-audio-oss-3.1.1.1-9.6 is installed OR qemu-audio-pa-3.1.1.1-9.6 is installed OR qemu-block-curl-3.1.1.1-9.6 is installed OR qemu-block-iscsi-3.1.1.1-9.6 is installed OR qemu-block-rbd-3.1.1.1-9.6 is installed OR qemu-block-ssh-3.1.1.1-9.6 is installed OR qemu-guest-agent-3.1.1.1-9.6 is installed OR qemu-ipxe-1.0.0+-9.6 is installed OR qemu-kvm-3.1.1.1-9.6 is installed OR qemu-lang-3.1.1.1-9.6 is installed OR qemu-ppc-3.1.1.1-9.6 is installed OR qemu-s390-3.1.1.1-9.6 is installed OR qemu-seabios-1.12.0-9.6 is installed OR qemu-sgabios-8-9.6 is installed OR qemu-ui-curses-3.1.1.1-9.6 is installed OR qemu-ui-gtk-3.1.1.1-9.6 is installed OR qemu-vgabios-1.12.0-9.6 is installed OR qemu-x86-3.1.1.1-9.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed AND Package Information dpdk-19.11.4-3.9 is installed OR dpdk-devel-19.11.4-3.9 is installed OR dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9 is installed OR dpdk-thunderx-19.11.4-3.9 is installed OR dpdk-thunderx-devel-19.11.4-3.9 is installed OR dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9 is installed OR dpdk-tools-19.11.4-3.9 is installed OR libdpdk-20_0-19.11.4-3.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gpg2-2.0.24-1 is installed OR gpg2-lang-2.0.24-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_66-default-8-2 is installed OR kgraft-patch-3_12_74-60_64_66-xen-8-2 is installed OR kgraft-patch-SLE12-SP1_Update_23-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libpng12-0-1.2.50-13 is installed OR libpng12-0-32bit-1.2.50-13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libssh2-1-1.4.3-20.6 is installed OR libssh2-1-32bit-1.4.3-20.6 is installed OR libssh2_org-1.4.3-20.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information apache2-2.4.23-29.24 is installed OR apache2-doc-2.4.23-29.24 is installed OR apache2-example-pages-2.4.23-29.24 is installed OR apache2-prefork-2.4.23-29.24 is installed OR apache2-utils-2.4.23-29.24 is installed OR apache2-worker-2.4.23-29.24 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information cpio-2.11-35 is installed OR cpio-lang-2.11-35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND squid-3.5.21-26.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed OR libwebkit2gtk3-lang-2.24.4-2.47 is installed OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed OR webkit2gtk3-2.24.4-2.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information ovmf-2017+git1492060560.b6d11d7c46-4.12 is installed OR ovmf-tools-2017+git1492060560.b6d11d7c46-4.12 is installed OR qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-4.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information dbus-1-glib-0.100.2-3 is installed OR dbus-1-glib-32bit-0.100.2-3 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information dovecot23-2.3.10-4.22 is installed OR dovecot23-backend-mysql-2.3.10-4.22 is installed OR dovecot23-backend-pgsql-2.3.10-4.22 is installed OR dovecot23-backend-sqlite-2.3.10-4.22 is installed OR dovecot23-devel-2.3.10-4.22 is installed OR dovecot23-fts-2.3.10-4.22 is installed OR dovecot23-fts-lucene-2.3.10-4.22 is installed OR dovecot23-fts-solr-2.3.10-4.22 is installed OR dovecot23-fts-squat-2.3.10-4.22 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed AND libnghttp2-14-1.39.2-3.5.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND enigmail-2.0.11-3.16 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information openstack-swift-2.1.0-4 is installed OR openstack-swift-account-2.1.0-4 is installed OR openstack-swift-container-2.1.0-4 is installed OR openstack-swift-object-2.1.0-4 is installed OR openstack-swift-proxy-2.1.0-4 is installed OR python-swift-2.1.0-4 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openstack-dashboard-10.0.6~dev4-4.15 is installed OR openstack-heat-7.0.7~dev10-5.12 is installed OR openstack-heat-api-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cfn-7.0.7~dev10-5.12 is installed OR openstack-heat-api-cloudwatch-7.0.7~dev10-5.12 is installed OR openstack-heat-doc-7.0.7~dev10-5.12 is installed OR openstack-heat-engine-7.0.7~dev10-5.12 is installed OR openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12 is installed OR openstack-heat-test-7.0.7~dev10-5.12 is installed OR openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR openstack-keystone-10.0.3~dev9-7.12 is installed OR openstack-keystone-doc-10.0.3~dev9-7.12 is installed OR openstack-nova-14.0.11~dev13-4.25 is installed OR openstack-nova-api-14.0.11~dev13-4.25 is installed OR openstack-nova-cells-14.0.11~dev13-4.25 is installed OR openstack-nova-cert-14.0.11~dev13-4.25 is installed OR openstack-nova-compute-14.0.11~dev13-4.25 is installed OR openstack-nova-conductor-14.0.11~dev13-4.25 is installed OR openstack-nova-console-14.0.11~dev13-4.25 is installed OR openstack-nova-consoleauth-14.0.11~dev13-4.25 is installed OR openstack-nova-doc-14.0.11~dev13-4.25 is installed OR openstack-nova-novncproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-placement-api-14.0.11~dev13-4.25 is installed OR openstack-nova-scheduler-14.0.11~dev13-4.25 is installed OR openstack-nova-serialproxy-14.0.11~dev13-4.25 is installed OR openstack-nova-vncproxy-14.0.11~dev13-4.25 is installed OR python-heat-7.0.7~dev10-5.12 is installed OR python-horizon-10.0.6~dev4-4.15 is installed OR python-horizon-plugin-designate-ui-3.0.2~dev1-3.6 is installed OR python-keystone-10.0.3~dev9-7.12 is installed OR python-nova-14.0.11~dev13-4.25 is installed OR python-os-vif-1.2.1-3.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND slf4j-1.7.12-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-Django-1.11.11-3.3 is installed
BACK