Oval Definition:oval:org.opensuse.security:def:51783
Revision Date:2020-12-01Version:1
Title:Security update for nginx (Important)
Description:

This update for nginx to version 1.14.2 fixes the following issues:

Security vulnerabilities addressed:

- CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage (bsc#1115025 bsc#1115022). - CVE-2018-16845: Fixed an issue which might result in worker process memory disclosure whne processing of a specially crafted mp4 file with the ngx_http_mp4_module (bsc#1115015).

Other bug fixes and changes made:

- Fixed an issue with handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - The logging level of the 'http request', 'https proxy request', 'unsupported protocol', 'version too low', 'no suitable key share', and 'no suitable signature algorithm' SSL errors has been lowered from 'crit' to 'info'. - Fixed an issue with using OpenSSL 1.1.0 or newer it was not possible to switch off 'ssl_prefer_server_ciphers' in a virtual server if it was switched on in the default server. - Fixed an issue with TLS 1.3 always being enabled when built with OpenSSL 1.1.0 and used with 1.1.1 - Fixed an issue with sending a disk-buffered request body to a gRPC backend - Fixed an issue with connections of some gRPC backends might not be cached when using the 'keepalive' directive. - Fixed a segmentation fault, which might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. - Fixed an issue, whereby working with gRPC backends might result in excessive memory consumption.
Family:unixClass:patch
Status:Reference(s):1115015
1115022
1115025
1117626
1117627
1117629
1117630
1119105
1121571
1121816
1121818
1121821
1122983
1125401
1158095
1159819
1159928
1161517
1161521
1169740
1169746
1171355
1171978
1172651
1173334
992038
CVE-2004-0801
CVE-2008-4989
CVE-2009-4029
CVE-2010-4267
CVE-2011-1006
CVE-2011-1022
CVE-2011-2697
CVE-2011-2722
CVE-2011-4128
CVE-2012-0390
CVE-2012-1569
CVE-2012-1573
CVE-2013-4325
CVE-2013-6402
CVE-2013-6427
CVE-2014-0092
CVE-2014-1545
CVE-2014-1959
CVE-2014-3158
CVE-2014-3466
CVE-2015-1191
CVE-2015-7183
CVE-2016-5824
CVE-2018-12116
CVE-2018-12121
CVE-2018-12122
CVE-2018-12123
CVE-2018-12405
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
CVE-2018-18500
CVE-2018-18501
CVE-2018-18505
CVE-2018-20685
CVE-2018-8956
CVE-2019-14889
CVE-2019-17006
CVE-2019-19956
CVE-2019-20388
CVE-2019-6109
CVE-2019-6110
CVE-2019-6111
CVE-2020-11868
CVE-2020-12399
CVE-2020-13817
CVE-2020-15025
CVE-2020-7595
SUSE-SU-2019:0118-1
SUSE-SU-2019:0126-1
SUSE-SU-2019:0334-1
SUSE-SU-2019:0338-1
SUSE-SU-2020:0130-1
SUSE-SU-2020:1299-1
SUSE-SU-2020:1677-1
SUSE-SU-2020:1823-1
Platform(s):openSUSE Leap 15.0
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Workstation Extension 15
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • avahi-0.6.32-lp150.3 is installed
  • OR avahi-lang-0.6.32-lp150.3 is installed
  • OR libavahi-client3-0.6.32-lp150.3 is installed
  • OR libavahi-common3-0.6.32-lp150.3 is installed
  • OR libavahi-core7-0.6.32-lp150.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • emacs-22.3-4.42 is installed
  • OR emacs-info-22.3-4.42 is installed
  • OR emacs-x11-22.3-4.42 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND rpcbind-0.1.6+git20080930-6.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • gnutls-3.2.15-1 is installed
  • OR libgnutls28-3.2.15-1 is installed
  • OR libgnutls28-32bit-3.2.15-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND libcgroup1-0.41.rc1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • hplip-3.14.6-3 is installed
  • OR hplip-hpijs-3.14.6-3 is installed
  • OR hplip-sane-3.14.6-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • icu-52.1-7 is installed
  • OR libicu52_1-52.1-7 is installed
  • OR libicu52_1-32bit-52.1-7 is installed
  • OR libicu52_1-data-52.1-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • evince-3.20.2-6.22 is installed
  • OR evince-browser-plugin-3.20.2-6.22 is installed
  • OR evince-lang-3.20.2-6.22 is installed
  • OR evince-plugin-djvudocument-3.20.2-6.22 is installed
  • OR evince-plugin-dvidocument-3.20.2-6.22 is installed
  • OR evince-plugin-pdfdocument-3.20.2-6.22 is installed
  • OR evince-plugin-psdocument-3.20.2-6.22 is installed
  • OR evince-plugin-tiffdocument-3.20.2-6.22 is installed
  • OR evince-plugin-xpsdocument-3.20.2-6.22 is installed
  • OR libevdocument3-4-3.20.2-6.22 is installed
  • OR libevview3-3-3.20.2-6.22 is installed
  • OR nautilus-evince-3.20.2-6.22 is installed
  • OR typelib-1_0-EvinceDocument-3_0-3.20.2-6.22 is installed
  • OR typelib-1_0-EvinceView-3_0-3.20.2-6.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • nginx-1.14.2-3.3 is installed
  • OR vim-plugin-nginx-1.14.2-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • python-libxml2-python-2.9.7-3.19 is installed
  • OR python2-libxml2-python-2.9.7-3.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • openssh-7.6p1-9.13 is installed
  • OR openssh-fips-7.6p1-9.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libfreebl3-hmac-3.53-3.40 is installed
  • OR libsoftokn3-hmac-3.53-3.40 is installed
  • OR mozilla-nss-3.53-3.40 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs8-8.15.0-3.11 is installed
  • OR nodejs8-devel-8.15.0-3.11 is installed
  • OR nodejs8-docs-8.15.0-3.11 is installed
  • OR npm8-8.15.0-3.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libIlmImf-Imf_2_1-21-2.1.0-4 is installed
  • OR openexr-2.1.0-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • tomcat-8.0.53-10.35 is installed
  • OR tomcat-admin-webapps-8.0.53-10.35 is installed
  • OR tomcat-docs-webapp-8.0.53-10.35 is installed
  • OR tomcat-el-3_0-api-8.0.53-10.35 is installed
  • OR tomcat-javadoc-8.0.53-10.35 is installed
  • OR tomcat-jsp-2_3-api-8.0.53-10.35 is installed
  • OR tomcat-lib-8.0.53-10.35 is installed
  • OR tomcat-servlet-3_1-api-8.0.53-10.35 is installed
  • OR tomcat-webapps-8.0.53-10.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libtasn1-3.7-11 is installed
  • OR libtasn1-6-3.7-11 is installed
  • OR libtasn1-6-32bit-3.7-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libmysqlclient18-10.0.35-29.20 is installed
  • OR libmysqlclient18-32bit-10.0.35-29.20 is installed
  • OR mariadb-10.0.35-29.20 is installed
  • OR mariadb-client-10.0.35-29.20 is installed
  • OR mariadb-errormessages-10.0.35-29.20 is installed
  • OR mariadb-tools-10.0.35-29.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • perl-5.18.2-12.14 is installed
  • OR perl-32bit-5.18.2-12.14 is installed
  • OR perl-base-5.18.2-12.14 is installed
  • OR perl-doc-5.18.2-12.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • xen-4.7.6_04-43.39 is installed
  • OR xen-doc-html-4.7.6_04-43.39 is installed
  • OR xen-libs-4.7.6_04-43.39 is installed
  • OR xen-libs-32bit-4.7.6_04-43.39 is installed
  • OR xen-tools-4.7.6_04-43.39 is installed
  • OR xen-tools-domU-4.7.6_04-43.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache2-2.4.23-28 is installed
  • OR apache2-doc-2.4.23-28 is installed
  • OR apache2-example-pages-2.4.23-28 is installed
  • OR apache2-prefork-2.4.23-28 is installed
  • OR apache2-utils-2.4.23-28 is installed
  • OR apache2-worker-2.4.23-28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libdcerpc-binding0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc-binding0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libdcerpc0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-krb5pac0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-nbt0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr-standard0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libndr0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libnetapi0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-credentials0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-errors0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-hostconfig0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-passdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamba-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsamdb0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbconf0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libsmbldap0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libtevent-util0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-4.6.16+git.169.064abe062be-3.46 is installed
  • OR libwbclient0-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-client-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-doc-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-libs-32bit-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-4.6.16+git.169.064abe062be-3.46 is installed
  • OR samba-winbind-32bit-4.6.16+git.169.064abe062be-3.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND sudo-1.8.20p2-3.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • dovecot22-2.2.31-19.11 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.11 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.11 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • at-3.1.14-8.6 is installed
  • OR flex-2.5.37-8 is installed
  • OR flex-32bit-2.5.37-8 is installed
  • OR libQtWebKit4-4.8.7+2.3.4-4.7 is installed
  • OR libQtWebKit4-32bit-4.8.7+2.3.4-4.7 is installed
  • OR libbonobo-2.32.1-16 is installed
  • OR libbonobo-32bit-2.32.1-16 is installed
  • OR libbonobo-doc-2.32.1-16 is installed
  • OR libbonobo-lang-2.32.1-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND ntp-4.2.8p15-4.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • MozillaThunderbird-60.5.0-3.20 is installed
  • OR MozillaThunderbird-translations-common-60.5.0-3.20 is installed
  • OR MozillaThunderbird-translations-other-60.5.0-3.20 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ruby2.1-rubygem-rails-html-sanitizer-1.0.2-7 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • xen-4.7.6_05-43.42 is installed
  • OR xen-doc-html-4.7.6_05-43.42 is installed
  • OR xen-libs-4.7.6_05-43.42 is installed
  • OR xen-libs-32bit-4.7.6_05-43.42 is installed
  • OR xen-tools-4.7.6_05-43.42 is installed
  • OR xen-tools-domU-4.7.6_05-43.42 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed
  • OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed
  • OR kafka-0.10.2.2-5.6 is installed
  • OR openstack-monasca-api-2.2.1~dev24-3.6 is installed
  • OR python-monasca-api-2.2.1~dev24-3.6 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND slf4j-1.7.12-3.3 is installed
    • BACK